Description
Several remote vulnerabilities have been discovered in PHP 5, an hypertext
preprocessor.
The Common Vulnerabilities and Exposures project identifies the following
problems:
* [CVE-2010-1917](https://security-tracker.debian.org/tracker/CVE-2010-1917)
The fnmatch function can be abused to conduct denial of service attacks
(by crashing the interpreter) by the means of a stack overflow.
* [CVE-2010-2225](https://security-tracker.debian.org/tracker/CVE-2010-2225)
The SplObjectStorage unserializer allows attackers to execute arbitrary
code via serialized data by the means of a use-after-free
vulnerability.
* [CVE-2010-3065](https://security-tracker.debian.org/tracker/CVE-2010-3065)
The default sessions serializer does not correctly handle a special
marker, which allows an attacker to inject arbitrary variables into the
session and possibly exploit vulnerabilities in the unserializer.
* [CVE-2010-1128](https://security-tracker.debian.org/tracker/CVE-2010-1128)
For this vulnerability (predictable entropy for the Linear Congruential
Generator used to generate session ids) we do not consider upstream's
solution to be sufficient. It is recommended to uncomment the
session.entropy\_file and session.entropy\_length settings in the php.ini
files. Further improvements can be achieved by setting
session.hash\_function to 1 (one) and incrementing the value of
session.entropy\_length.
For the stable distribution (lenny), these problems have been fixed in
version 5.2.6.dfsg.1-1+lenny9.
For the testing distribution (squeeze) and the unstable distribution (sid),
these problems will be fixed soon.
We recommend that you upgrade your php5 packages.
Affected Software
CPE Name
Name
Version
php5 5.2.6.dfsg.1-1+lenny2
php5 5.2.6.dfsg.1-1+lenny3
php5 5.2.6.dfsg.1-1+lenny4
php5 5.2.6.dfsg.1-1+lenny6
php5 5.2.6.dfsg.1-1+lenny8
Related
{"id": "OSV:DSA-2089-1", "vendorId": null, "type": "osv", "bulletinFamily": "software", "title": "php5 - several vulnerabilities", "description": "\nSeveral remote vulnerabilities have been discovered in PHP\u00a05, an hypertext\npreprocessor.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\n\n* [CVE-2010-1917](https://security-tracker.debian.org/tracker/CVE-2010-1917)\nThe fnmatch function can be abused to conduct denial of service attacks\n (by crashing the interpreter) by the means of a stack overflow.\n* [CVE-2010-2225](https://security-tracker.debian.org/tracker/CVE-2010-2225)\nThe SplObjectStorage unserializer allows attackers to execute arbitrary\n code via serialized data by the means of a use-after-free\n vulnerability.\n* [CVE-2010-3065](https://security-tracker.debian.org/tracker/CVE-2010-3065)\nThe default sessions serializer does not correctly handle a special\n marker, which allows an attacker to inject arbitrary variables into the\n session and possibly exploit vulnerabilities in the unserializer.\n* [CVE-2010-1128](https://security-tracker.debian.org/tracker/CVE-2010-1128)\nFor this vulnerability (predictable entropy for the Linear Congruential\n Generator used to generate session ids) we do not consider upstream's\n solution to be sufficient. It is recommended to uncomment the\n session.entropy\\_file and session.entropy\\_length settings in the php.ini\n files. Further improvements can be achieved by setting\n session.hash\\_function to 1 (one) and incrementing the value of\n session.entropy\\_length.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny9.\n\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your php5 packages.\n\n\n", "published": "2010-08-06T00:00:00", "modified": "2023-06-28T06:35:27", "epss": [{"cve": "CVE-2010-1128", "epss": 0.01068, "percentile": 0.82156, "modified": "2023-06-25"}, {"cve": "CVE-2010-1917", "epss": 0.01593, "percentile": 0.85535, "modified": "2023-06-25"}, {"cve": "CVE-2010-2225", "epss": 0.04474, "percentile": 0.91244, "modified": "2023-06-25"}, {"cve": "CVE-2010-3065", "epss": 0.00471, "percentile": 0.72182, "modified": "2023-06-26"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://osv.dev/vulnerability/DSA-2089-1", "reporter": "Google", "references": ["https://www.debian.org/security/2010/dsa-2089"], "cvelist": ["CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2225", "CVE-2010-3065"], "immutableFields": [], "lastseen": "2023-06-28T06:36:12", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2010:0919"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2013-2987", "CPAI-2014-1799"]}, {"type": "cve", "idList": ["CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2225", "CVE-2010-3065", "CVE-2011-1071"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2089-1:00F1C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-1071"]}, {"type": "f5", "idList": ["SOL12253", "SOL15885"]}, {"type": "fedora", "idList": ["FEDORA:0129311067C", "FEDORA:27D41110369", "FEDORA:2ED1F11052D", "FEDORA:363A1110632", "FEDORA:E6EE910FDE7", "FEDORA:EDBEB110632"]}, {"type": "gentoo", "idList": ["GLSA-201110-06"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0919.NASL", "DEBIAN_DSA-2089.NASL", "F5_BIGIP_SOL15885.NASL", "FEDORA_2010-11428.NASL", "FEDORA_2010-11481.NASL", "GENTOO_GLSA-201110-06.NASL", "HPSMH_6_3_0_22.NASL", "MACOSX_SECUPD2010-005.NASL", "MANDRIVA_MDVSA-2010-058.NASL", "MANDRIVA_MDVSA-2010-139.NASL", "MANDRIVA_MDVSA-2010-140.NASL", "ORACLELINUX_ELSA-2010-0919.NASL", "PHP_5_2_13.NASL", "PHP_5_2_14.NASL", "PHP_5_3_1.NASL", "PHP_5_3_3.NASL", "REDHAT-RHSA-2010-0919.NASL", "SLACKWARE_SSA_2010-240-04.NASL", "SL_20101129_PHP_ON_SL4_X.NASL", "SUSE_11_1_APACHE2-MOD_PHP5-100928.NASL", "SUSE_11_2_APACHE2-MOD_PHP5-100813.NASL", "SUSE_11_3_APACHE2-MOD_PHP5-100812.NASL", "SUSE_11_APACHE2-MOD_PHP5-100805.NASL", "SUSE_APACHE2-MOD_PHP5-7110.NASL", "UBUNTU_USN-989-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310100511", "OPENVAS:1361412562310100684", "OPENVAS:1361412562310110171", "OPENVAS:1361412562310110178", "OPENVAS:1361412562310110182", "OPENVAS:1361412562310122295", "OPENVAS:136141256231068173", "OPENVAS:136141256231070769", "OPENVAS:1361412562310830876", "OPENVAS:1361412562310831114", "OPENVAS:1361412562310831115", "OPENVAS:1361412562310840501", "OPENVAS:1361412562310862343", "OPENVAS:1361412562310862345", "OPENVAS:1361412562310862346", "OPENVAS:1361412562310862347", "OPENVAS:1361412562310862349", "OPENVAS:1361412562310862351", "OPENVAS:1361412562310870362", "OPENVAS:1361412562310880456", "OPENVAS:1361412562310880633", "OPENVAS:68173", "OPENVAS:70769", "OPENVAS:830876", "OPENVAS:831114", "OPENVAS:831115", "OPENVAS:840501", "OPENVAS:862343", "OPENVAS:862345", "OPENVAS:862346", "OPENVAS:862347", "OPENVAS:862349", "OPENVAS:862351", "OPENVAS:870362", "OPENVAS:880456", "OPENVAS:880633"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0919"]}, {"type": "redhat", "idList": ["RHSA-2010:0919"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24800", "SECURITYVULNS:DOC:26222", "SECURITYVULNS:DOC:27147", "SECURITYVULNS:VULN:10820", "SECURITYVULNS:VULN:11165", "SECURITYVULNS:VULN:11626"]}, {"type": "slackware", "idList": ["SSA-2010-240-04"]}, {"type": "thn", "idList": ["THN:4D010FAF46F8DECDF22AE08BD5AA6962", "THN:570BC20A68A3569A403256D8040A03BB"]}, {"type": "threatpost", "idList": ["THREATPOST:A04B08327D4E7C2B97F353216BAFA013"]}, {"type": "ubuntu", "idList": ["USN-989-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-1128", "UB:CVE-2010-1917", "UB:CVE-2010-2225", "UB:CVE-2010-3065", "UB:CVE-2011-1071"]}, {"type": "veracode", "idList": ["VERACODE:24425", "VERACODE:24426", "VERACODE:24428"]}]}, "score": {"value": 3.2, "vector": "NONE"}, "epss": [{"cve": "CVE-2010-2225", "epss": "0.044740000", "percentile": "0.911440000", "modified": "2023-03-20"}, {"cve": "CVE-2010-3065", "epss": "0.004710000", "percentile": "0.718180000", "modified": "2023-03-20"}, {"cve": "CVE-2010-1917", "epss": "0.015930000", "percentile": "0.853720000", "modified": "2023-03-20"}, {"cve": "CVE-2010-1128", "epss": "0.010680000", "percentile": "0.819580000", "modified": "2023-03-20"}], "vulnersScore": 3.2}, "_state": {"dependencies": 1687934438, "score": 1698853730, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "71e3d483089a2125e6bef5a1bdf3d033"}, "affectedSoftware": [{"version": "5.2.6.dfsg.1-1+lenny2", "operator": "eq", "name": "php5"}, {"version": "5.2.6.dfsg.1-1+lenny3", "operator": "eq", "name": "php5"}, {"version": "5.2.6.dfsg.1-1+lenny4", "operator": "eq", "name": "php5"}, {"version": "5.2.6.dfsg.1-1+lenny6", "operator": "eq", "name": "php5"}, {"version": "5.2.6.dfsg.1-1+lenny8", "operator": "eq", "name": "php5"}]}
{"nessus": [{"lastseen": "2023-12-02T15:30:32", "description": "Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks (by crashing the interpreter) by the means of a stack overflow.\n\n - CVE-2010-2225 The SplObjectStorage unserializer allows attackers to execute arbitrary code via serialized data by the means of a use-after-free vulnerability.\n\n - CVE-2010-3065 The default sessions serializer does not correctly handle a special marker, which allows an attacker to inject arbitrary variables into the session and possibly exploit vulnerabilities in the unserializer.\n\n - CVE-2010-1128 For this vulnerability (predictable entropy for the Linear Congruential Generator used to generate session ids) we do not consider upstream's solution to be sufficient. It is recommended to uncomment the'session.entropy_file' and 'session.entropy_length' settings in the php.ini files. Further improvements can be achieved by setting'session.hash_function' to 1 (one) and incrementing the value of'session.entropy_length'.", "cvss3": {}, "published": "2010-08-23T00:00:00", "type": "nessus", "title": "Debian DSA-2089-1 : php5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2225", "CVE-2010-3065"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2089.NASL", "href": "https://www.tenable.com/plugins/nessus/48384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2089. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48384);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1917\", \"CVE-2010-2225\", \"CVE-2010-3065\");\n script_bugtraq_id(40948, 41991);\n script_xref(name:\"DSA\", value:\"2089\");\n\n script_name(english:\"Debian DSA-2089-1 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in PHP 5, an\nhypertext preprocessor. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2010-1917\n The fnmatch function can be abused to conduct denial of\n service attacks (by crashing the interpreter) by the\n means of a stack overflow.\n\n - CVE-2010-2225\n The SplObjectStorage unserializer allows attackers to\n execute arbitrary code via serialized data by the means\n of a use-after-free vulnerability.\n\n - CVE-2010-3065\n The default sessions serializer does not correctly\n handle a special marker, which allows an attacker to\n inject arbitrary variables into the session and possibly\n exploit vulnerabilities in the unserializer.\n\n - CVE-2010-1128\n For this vulnerability (predictable entropy for the\n Linear Congruential Generator used to generate session\n ids) we do not consider upstream's solution to be\n sufficient. It is recommended to uncomment\n the'session.entropy_file' and 'session.entropy_length'\n settings in the php.ini files. Further improvements can\n be achieved by setting'session.hash_function' to 1 (one)\n and incrementing the value of'session.entropy_length'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2089\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libapache2-mod-php5\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php-pear\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-cgi\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-cli\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-common\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-curl\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-dbg\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-dev\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-gd\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-gmp\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-imap\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-interbase\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-ldap\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-mcrypt\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-mhash\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-mysql\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-odbc\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-pgsql\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-pspell\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-recode\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-snmp\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-sqlite\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-sybase\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-tidy\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-xmlrpc\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"php5-xsl\", reference:\"5.2.6.dfsg.1-1+lenny9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:22", "description": "New php packages are available for Slackware 11.0 (extra), 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.", "cvss3": {}, "published": "2010-08-29T00:00:00", "type": "nessus", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : php (SSA:2010-240-04)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1917", "CVE-2010-2225"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2010-240-04.NASL", "href": "https://www.tenable.com/plugins/nessus/48921", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-240-04. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48921);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1917\", \"CVE-2010-2225\");\n script_bugtraq_id(40948, 41991);\n script_xref(name:\"SSA\", value:\"2010-240-04\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : php (SSA:2010-240-04)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 11.0 (extra), 12.0,\n12.1, 12.2, 13.0, 13.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.507793\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73b099e9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.2.14\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:35:58", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nAn input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : php (CESA-2010:0919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5016", "CVE-2010-0397", "CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-domxml", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-ncurses", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0919.NASL", "href": "https://www.tenable.com/plugins/nessus/50862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0919 and \n# CentOS Errata and Security Advisory 2010:0919 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50862);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_bugtraq_id(38430, 38708, 41991, 44605, 44889);\n script_xref(name:\"RHSA\", value:\"2010:0919\");\n\n script_name(english:\"CentOS 4 / 5 : php (CESA-2010:0919)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nAn input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user\ninput, a remote attacker could use this flaw to inject an arbitrary\nvariable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export()\nfunction implementation. If some fatal error occurred during the\nexecution of this function (such as the exhaustion of memory or script\nexecution time limit), part of the function's output was sent to the\nuser as script output, possibly leading to the disclosure of sensitive\ninformation. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in\nthe way the PHP utf8_decode() function decoded partial multi-byte\nsequences for some multi-byte encodings, sending them to output\nwithout them being escaped. An attacker could use these flaws to\nperform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient\nentropy to seed the pseudo-random number generator. A remote attacker\ncould possibly use this flaw to predict values returned by the\nfunction, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy\nduring seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the\nlength of the pattern argument. A remote attacker could use this flaw\nto crash the PHP interpreter where a script used fnmatch() on\nuntrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC\nextension. A malicious XML-RPC client or server could use this flaw to\ncrash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-December/017205.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1573b130\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-December/017206.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f265b3da\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017197.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2b40099\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017198.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?409943b3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-devel-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-devel-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-domxml-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-domxml-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-gd-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-gd-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-imap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-imap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-ldap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-ldap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-mbstring-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-mbstring-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-mysql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-mysql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-ncurses-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-ncurses-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-odbc-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-odbc-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-pear-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-pear-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-pgsql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-pgsql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-snmp-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-snmp-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"php-xmlrpc-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"php-xmlrpc-4.3.9-3.31\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"php-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-bcmath-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-cli-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-common-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-dba-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-devel-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-gd-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-imap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ldap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mbstring-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mysql-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ncurses-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-odbc-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pdo-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pgsql-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-snmp-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-soap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xml-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xmlrpc-5.1.6-27.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:48:26", "description": "An input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5016", "CVE-2010-0397", "CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101129_PHP_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60908);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user\ninput, a remote attacker could use this flaw to inject an arbitrary\nvariable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export()\nfunction implementation. If some fatal error occurred during the\nexecution of this function (such as the exhaustion of memory or script\nexecution time limit), part of the function's output was sent to the\nuser as script output, possibly leading to the disclosure of sensitive\ninformation. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in\nthe way the PHP utf8_decode() function decoded partial multi-byte\nsequences for some multi-byte encodings, sending them to output\nwithout them being escaped. An attacker could use these flaws to\nperform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient\nentropy to seed the pseudo-random number generator. A remote attacker\ncould possibly use this flaw to predict values returned by the\nfunction, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy\nduring seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the\nlength of the pattern argument. A remote attacker could use this flaw\nto crash the PHP interpreter where a script used fnmatch() on\nuntrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC\nextension. A malicious XML-RPC client or server could use this flaw to\ncrash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1011&L=scientific-linux-errata&T=0&P=1564\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a48d3681\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"php-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-devel-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-domxml-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-gd-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-imap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-ldap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-mbstring-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-mysql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-ncurses-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-odbc-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-pear-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-pgsql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-snmp-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"php-xmlrpc-4.3.9-3.31\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"php-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-bcmath-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-cli-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-common-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-dba-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-devel-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-gd-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-imap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ldap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mbstring-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mysql-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ncurses-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-odbc-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pdo-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pgsql-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-snmp-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-soap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xml-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xmlrpc-5.1.6-27.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:35:08", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nAn input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2010-11-30T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : php (RHSA-2010:0919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5016", "CVE-2010-0397", "CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-domxml", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pear", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0919.NASL", "href": "https://www.tenable.com/plugins/nessus/50841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0919. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50841);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_bugtraq_id(38430, 38708, 41991, 44605, 44889);\n script_xref(name:\"RHSA\", value:\"2010:0919\");\n\n script_name(english:\"RHEL 4 / 5 : php (RHSA-2010:0919)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nAn input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user\ninput, a remote attacker could use this flaw to inject an arbitrary\nvariable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export()\nfunction implementation. If some fatal error occurred during the\nexecution of this function (such as the exhaustion of memory or script\nexecution time limit), part of the function's output was sent to the\nuser as script output, possibly leading to the disclosure of sensitive\ninformation. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in\nthe way the PHP utf8_decode() function decoded partial multi-byte\nsequences for some multi-byte encodings, sending them to output\nwithout them being escaped. An attacker could use these flaws to\nperform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient\nentropy to seed the pseudo-random number generator. A remote attacker\ncould possibly use this flaw to predict values returned by the\nfunction, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy\nduring seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the\nlength of the pattern argument. A remote attacker could use this flaw\nto crash the PHP interpreter where a script used fnmatch() on\nuntrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC\nextension. A malicious XML-RPC client or server could use this flaw to\ncrash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0919\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0919\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-mbstring-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.31\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.31\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-27.el5_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-27.el5_5.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:11:27", "description": "From Red Hat Security Advisory 2010:0919 :\n\nUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nAn input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : php (ELSA-2010-0919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5016", "CVE-2010-0397", "CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-domxml", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-ncurses", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pear", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0919.NASL", "href": "https://www.tenable.com/plugins/nessus/68150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0919 and \n# Oracle Linux Security Advisory ELSA-2010-0919 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68150);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_bugtraq_id(38430, 38708, 41991, 44605, 44889);\n script_xref(name:\"RHSA\", value:\"2010:0919\");\n\n script_name(english:\"Oracle Linux 4 / 5 : php (ELSA-2010-0919)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0919 :\n\nUpdated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nAn input validation flaw was discovered in the PHP session serializer.\nIf a PHP script generated session variable names from untrusted user\ninput, a remote attacker could use this flaw to inject an arbitrary\nvariable into the PHP session. (CVE-2010-3065)\n\nAn information leak flaw was discovered in the PHP var_export()\nfunction implementation. If some fatal error occurred during the\nexecution of this function (such as the exhaustion of memory or script\nexecution time limit), part of the function's output was sent to the\nuser as script output, possibly leading to the disclosure of sensitive\ninformation. (CVE-2010-2531)\n\nA numeric truncation error and an input validation flaw were found in\nthe way the PHP utf8_decode() function decoded partial multi-byte\nsequences for some multi-byte encodings, sending them to output\nwithout them being escaped. An attacker could use these flaws to\nperform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\nIt was discovered that the PHP lcg_value() function used insufficient\nentropy to seed the pseudo-random number generator. A remote attacker\ncould possibly use this flaw to predict values returned by the\nfunction, which are used to generate session identifiers by default.\nThis update changes the function's implementation to use more entropy\nduring seeding. (CVE-2010-1128)\n\nIt was discovered that the PHP fnmatch() function did not restrict the\nlength of the pattern argument. A remote attacker could use this flaw\nto crash the PHP interpreter where a script used fnmatch() on\nuntrusted matching patterns. (CVE-2010-1917)\n\nA NULL pointer dereference flaw was discovered in the PHP XML-RPC\nextension. A malicious XML-RPC client or server could use this flaw to\ncrash the PHP interpreter via a specially crafted XML-RPC request.\n(CVE-2010-0397)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001749.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001750.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"php-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-devel-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-domxml-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-gd-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-imap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-ldap-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-mbstring-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-mysql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-ncurses-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-odbc-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-pear-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-pgsql-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-snmp-4.3.9-3.31\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-xmlrpc-4.3.9-3.31\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"php-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-bcmath-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-cli-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-common-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-dba-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-devel-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-gd-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-imap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-ldap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-mbstring-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-mysql-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-ncurses-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-odbc-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-pdo-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-pgsql-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-snmp-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-soap-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-xml-5.1.6-27.el5_5.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-xmlrpc-5.1.6-27.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:33", "description": "Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)\n\nIt was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. An attacker could exploit this issue to predict values that were intended to be random, such as session cookies. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1128)\n\nIt was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1129)\n\nGrzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1130)\n\nStefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. An attacker could exploit this issue to cause the PHP server to crash and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 10.04 LTS.\n(CVE-2010-1866)\n\nMateusz Kocielski discovered that certain PHP SQLite functions incorrectly handled empty SQL queries. An attacker could exploit this issue to possibly execute arbitrary code with application privileges.\n(CVE-2010-1868)\n\nMateusz Kocielski discovered that PHP incorrectly handled certain arguments to the fnmatch function. An attacker could exploit this flaw and cause the PHP server to consume all available stack memory, resulting in a denial of service. (CVE-2010-1917)\n\nStefan Esser discovered that PHP incorrectly handled certain strings in the phar extension. An attacker could exploit this flaw to possibly view sensitive information. This issue only affected Ubuntu 10.04 LTS.\n(CVE-2010-2094, CVE-2010-2950)\n\nStefan Esser discovered that PHP incorrectly handled deserialization of SPLObjectStorage objects. A remote attacker could exploit this issue to view sensitive information and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04, 9.10 and 10.04 LTS. (CVE-2010-2225)\n\nIt was discovered that PHP incorrectly filtered error messages when limits for memory, execution time, or recursion were exceeded. A remote attacker could exploit this issue to possibly view sensitive information. (CVE-2010-2531)\n\nStefan Esser discovered that the PHP session serializer incorrectly handled the PS_UNDEF_MARKER marker. An attacker could exploit this issue to alter arbitrary session variables. (CVE-2010-3065).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-09-21T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : php5 vulnerabilities (USN-989-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-1128", "CVE-2010-1129", "CVE-2010-1130", "CVE-2010-1866", "CVE-2010-1868", "CVE-2010-1917", "CVE-2010-2094", "CVE-2010-2225", "CVE-2010-2531", "CVE-2010-2950", "CVE-2010-3065"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter", "p-cpe:/a:canonical:ubuntu_linux:php-pear", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-dbg", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-enchant", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-gmp", "p-cpe:/a:canonical:ubuntu_linux:php5-intl", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", "p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php5-pspell", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-tidy", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-989-1.NASL", "href": "https://www.tenable.com/plugins/nessus/49306", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-989-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49306);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1917\", \"CVE-2010-2094\", \"CVE-2010-2225\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3065\");\n script_bugtraq_id(38182, 38430, 38431, 38708, 39877, 40013, 40173, 40948, 41991);\n script_xref(name:\"USN\", value:\"989-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : php5 vulnerabilities (USN-989-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Auke van Slooten discovered that PHP incorrectly handled certain\nxmlrpc requests. An attacker could exploit this issue to cause the PHP\nserver to crash, resulting in a denial of service. This issue only\naffected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)\n\nIt was discovered that the pseudorandom number generator in PHP did\nnot provide the expected entropy. An attacker could exploit this issue\nto predict values that were intended to be random, such as session\ncookies. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and\n9.10. (CVE-2010-1128)\n\nIt was discovered that PHP did not properly handle directory pathnames\nthat lacked a trailing slash character. An attacker could exploit this\nissue to bypass safe_mode restrictions. This issue only affected\nUbuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1129)\n\nGrzegorz Stachowiak discovered that the PHP session extension did not\nproperly handle semicolon characters. An attacker could exploit this\nissue to bypass safe_mode restrictions. This issue only affected\nUbuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1130)\n\nStefan Esser discovered that PHP incorrectly decoded remote HTTP\nchunked encoding streams. An attacker could exploit this issue to\ncause the PHP server to crash and possibly execute arbitrary code with\napplication privileges. This issue only affected Ubuntu 10.04 LTS.\n(CVE-2010-1866)\n\nMateusz Kocielski discovered that certain PHP SQLite functions\nincorrectly handled empty SQL queries. An attacker could exploit this\nissue to possibly execute arbitrary code with application privileges.\n(CVE-2010-1868)\n\nMateusz Kocielski discovered that PHP incorrectly handled certain\narguments to the fnmatch function. An attacker could exploit this flaw\nand cause the PHP server to consume all available stack memory,\nresulting in a denial of service. (CVE-2010-1917)\n\nStefan Esser discovered that PHP incorrectly handled certain strings\nin the phar extension. An attacker could exploit this flaw to possibly\nview sensitive information. This issue only affected Ubuntu 10.04 LTS.\n(CVE-2010-2094, CVE-2010-2950)\n\nStefan Esser discovered that PHP incorrectly handled deserialization\nof SPLObjectStorage objects. A remote attacker could exploit this\nissue to view sensitive information and possibly execute arbitrary\ncode with application privileges. This issue only affected Ubuntu 8.04\nLTS, 9.04, 9.10 and 10.04 LTS. (CVE-2010-2225)\n\nIt was discovered that PHP incorrectly filtered error messages when\nlimits for memory, execution time, or recursion were exceeded. A\nremote attacker could exploit this issue to possibly view sensitive\ninformation. (CVE-2010-2531)\n\nStefan Esser discovered that the PHP session serializer incorrectly\nhandled the PS_UNDEF_MARKER marker. An attacker could exploit this\nissue to alter arbitrary session variables. (CVE-2010-3065).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/989-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php-pear\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-curl\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-dev\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gd\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gmp\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-recode\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.4-2ubuntu5.12\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php-pear\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-cli\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-common\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-curl\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-dbg\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-dev\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-gd\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-gmp\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-recode\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php-pear\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cgi\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cli\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-common\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-curl\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-dbg\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-dev\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-gd\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-gmp\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-ldap\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-mhash\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-mysql\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-odbc\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-pgsql\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-pspell\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-recode\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-snmp\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-sqlite\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-sybase\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-tidy\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-xsl\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php-pear\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-common\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-curl\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-dbg\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-dev\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-enchant\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-gd\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-gmp\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-intl\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-ldap\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-mysql\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-odbc\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-pgsql\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-pspell\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-recode\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-snmp\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-sqlite\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-sybase\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-tidy\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-xsl\", pkgver:\"5.3.2-1ubuntu4.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php5filter / php-pear / php5 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:29:43", "description": "Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: * Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). * Fixed a possible resource destruction issues in shm_put_var(). * Fixed a possible information leak because of interruption of XOR operator. * Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks. * Fixed a possible memory corruption in ArrayObject::uasort(). * Fixed a possible memory corruption in parse_str(). * Fixed a possible memory corruption in pack(). * Fixed a possible memory corruption in substr_replace(). * Fixed a possible memory corruption in addcslashes(). * Fixed a possible stack exhaustion inside fnmatch(). * Fixed a possible dechunking filter buffer overflow. * Fixed a possible arbitrary memory access inside sqlite extension. * Fixed string format validation inside phar extension. * Fixed handling of session variable serialization on certain prefix characters. * Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). * Fixed SplObjectStorage unserialization problems (CVE-2010-2225). * Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer overflows when handling error packets in mysqlnd. Full upstream Changelog: http://www.php.net/ChangeLog-5.php#5.3.3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "nessus", "title": "Fedora 13 : maniadrive-1.2-22.fc13 / php-5.3.3-1.fc13 / php-eaccelerator-0.9.6.1-2.fc13 (2010-11481)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2190", "CVE-2010-2225", "CVE-2010-2531"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-11481.NASL", "href": "https://www.tenable.com/plugins/nessus/48412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11481.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48412);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2190\", \"CVE-2010-2225\");\n script_bugtraq_id(38708, 40948, 41991);\n script_xref(name:\"FEDORA\", value:\"2010-11481\");\n\n script_name(english:\"Fedora 13 : maniadrive-1.2-22.fc13 / php-5.3.3-1.fc13 / php-eaccelerator-0.9.6.1-2.fc13 (2010-11481)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: *\nRewrote var_export() to use smart_str rather than output buffering,\nprevents data disclosure if a fatal error occurs (CVE-2010-2531). *\nFixed a possible resource destruction issues in shm_put_var(). * Fixed\na possible information leak because of interruption of XOR operator. *\nFixed a possible memory corruption because of unexpected call-time\npass by refernce and following memory clobbering through callbacks. *\nFixed a possible memory corruption in ArrayObject::uasort(). * Fixed a\npossible memory corruption in parse_str(). * Fixed a possible memory\ncorruption in pack(). * Fixed a possible memory corruption in\nsubstr_replace(). * Fixed a possible memory corruption in\naddcslashes(). * Fixed a possible stack exhaustion inside fnmatch(). *\nFixed a possible dechunking filter buffer overflow. * Fixed a possible\narbitrary memory access inside sqlite extension. * Fixed string format\nvalidation inside phar extension. * Fixed handling of session variable\nserialization on certain prefix characters. * Fixed a NULL pointer\ndereference when processing invalid XML-RPC requests (Fixes\nCVE-2010-0397, bug #51288). * Fixed SplObjectStorage unserialization\nproblems (CVE-2010-2225). * Fixed possible buffer overflows in\nmysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer\noverflows when handling error packets in mysqlnd. Full upstream\nChangelog: http://www.php.net/ChangeLog-5.php#5.3.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=601897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=605641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617232\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55eac0ed\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046022.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6846dc20\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046023.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc90da11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"maniadrive-1.2-22.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"php-5.3.3-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"php-eaccelerator-0.9.6.1-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:45", "description": "Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: * Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). * Fixed a possible resource destruction issues in shm_put_var(). * Fixed a possible information leak because of interruption of XOR operator. * Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks. * Fixed a possible memory corruption in ArrayObject::uasort(). * Fixed a possible memory corruption in parse_str(). * Fixed a possible memory corruption in pack(). * Fixed a possible memory corruption in substr_replace(). * Fixed a possible memory corruption in addcslashes(). * Fixed a possible stack exhaustion inside fnmatch(). * Fixed a possible dechunking filter buffer overflow. * Fixed a possible arbitrary memory access inside sqlite extension. * Fixed string format validation inside phar extension. * Fixed handling of session variable serialization on certain prefix characters. * Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). * Fixed SplObjectStorage unserialization problems (CVE-2010-2225). * Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer overflows when handling error packets in mysqlnd. Full upstream Changelog: http://www.php.net/ChangeLog-5.php#5.3.3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "nessus", "title": "Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2190", "CVE-2010-2225", "CVE-2010-2531"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-11428.NASL", "href": "https://www.tenable.com/plugins/nessus/48411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11428.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48411);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2190\", \"CVE-2010-2225\");\n script_bugtraq_id(38708, 40948, 41991);\n script_xref(name:\"FEDORA\", value:\"2010-11428\");\n\n script_name(english:\"Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: *\nRewrote var_export() to use smart_str rather than output buffering,\nprevents data disclosure if a fatal error occurs (CVE-2010-2531). *\nFixed a possible resource destruction issues in shm_put_var(). * Fixed\na possible information leak because of interruption of XOR operator. *\nFixed a possible memory corruption because of unexpected call-time\npass by refernce and following memory clobbering through callbacks. *\nFixed a possible memory corruption in ArrayObject::uasort(). * Fixed a\npossible memory corruption in parse_str(). * Fixed a possible memory\ncorruption in pack(). * Fixed a possible memory corruption in\nsubstr_replace(). * Fixed a possible memory corruption in\naddcslashes(). * Fixed a possible stack exhaustion inside fnmatch(). *\nFixed a possible dechunking filter buffer overflow. * Fixed a possible\narbitrary memory access inside sqlite extension. * Fixed string format\nvalidation inside phar extension. * Fixed handling of session variable\nserialization on certain prefix characters. * Fixed a NULL pointer\ndereference when processing invalid XML-RPC requests (Fixes\nCVE-2010-0397, bug #51288). * Fixed SplObjectStorage unserialization\nproblems (CVE-2010-2225). * Fixed possible buffer overflows in\nmysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer\noverflows when handling error packets in mysqlnd. Full upstream\nChangelog: http://www.php.net/ChangeLog-5.php#5.3.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=601897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=605641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617232\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046046.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?207c9d7f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046047.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d159d4b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046048.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6afce4cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"maniadrive-1.2-22.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"php-5.3.3-1.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"php-eaccelerator-0.9.6.1-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:43", "description": "This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1.\n\nSecurity Enhancements and Fixes in PHP 5.3.3 :\n\n - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).\n\n - Fixed a possible resource destruction issues in shm_put_var().\n\n - Fixed a possible information leak because of interruption of XOR operator.\n\n - Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.\n\n - Fixed a possible memory corruption in ArrayObject::uasort().\n\n - Fixed a possible memory corruption in parse_str().\n\n - Fixed a possible memory corruption in pack().\n\n - Fixed a possible memory corruption in substr_replace().\n\n - Fixed a possible memory corruption in addcslashes().\n\n - Fixed a possible stack exhaustion inside fnmatch().\n\n - Fixed a possible dechunking filter buffer overflow.\n\n - Fixed a possible arbitrary memory access inside sqlite extension.\n\n - Fixed string format validation inside phar extension.\n\n - Fixed handling of session variable serialization on certain prefix characters.\n\n - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).\n\n - Fixed SplObjectStorage unserialization problems (CVE-2010-2225).\n\n - Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.\n\n - Fixed possible buffer overflows when handling error packets in mysqlnd.\n\nAdditionally some of the third-party extensions and required dependencies has been upgraded and/or rebuilt for the new php version.", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2010:140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-2225", "CVE-2010-2531"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64mbfl-devel", "p-cpe:/a:mandriva:linux:lib64mbfl1", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libmbfl-devel", "p-cpe:/a:mandriva:linux:libmbfl1", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gearman", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-idn", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-pinba", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sphinx", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql"], "id": "MANDRIVA_MDVSA-2010-140.NASL", "href": "https://www.tenable.com/plugins/nessus/48198", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:140. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48198);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2531\");\n script_xref(name:\"MDVSA\", value:\"2010:140\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2010:140)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a maintenance and security update that upgrades php to 5.3.3\nfor 2010.0/2010.1.\n\nSecurity Enhancements and Fixes in PHP 5.3.3 :\n\n - Rewrote var_export() to use smart_str rather than output\n buffering, prevents data disclosure if a fatal error\n occurs (CVE-2010-2531).\n\n - Fixed a possible resource destruction issues in\n shm_put_var().\n\n - Fixed a possible information leak because of\n interruption of XOR operator.\n\n - Fixed a possible memory corruption because of unexpected\n call-time pass by refernce and following memory\n clobbering through callbacks.\n\n - Fixed a possible memory corruption in\n ArrayObject::uasort().\n\n - Fixed a possible memory corruption in parse_str().\n\n - Fixed a possible memory corruption in pack().\n\n - Fixed a possible memory corruption in\n substr_replace().\n\n - Fixed a possible memory corruption in addcslashes().\n\n - Fixed a possible stack exhaustion inside fnmatch().\n\n - Fixed a possible dechunking filter buffer overflow.\n\n - Fixed a possible arbitrary memory access inside sqlite\n extension.\n\n - Fixed string format validation inside phar extension.\n\n - Fixed handling of session variable serialization on\n certain prefix characters.\n\n - Fixed a NULL pointer dereference when processing invalid\n XML-RPC requests (Fixes CVE-2010-0397, bug #51288).\n\n - Fixed SplObjectStorage unserialization problems\n (CVE-2010-2225).\n\n - Fixed possible buffer overflows in\n mysqlnd_list_fields, mysqlnd_change_user.\n\n - Fixed possible buffer overflows when handling error\n packets in mysqlnd.\n\nAdditionally some of the third-party extensions and required\ndependencies has been upgraded and/or rebuilt for the new php version.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mbfl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mbfl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmbfl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmbfl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gearman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-idn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_php-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mbfl-devel-1.1.0-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mbfl1-1.1.0-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmbfl-devel-1.1.0-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmbfl1-1.1.0-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libphp5_common5-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-3.1.3p1-2.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-admin-3.1.3p1-2.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bcmath-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bz2-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-calendar-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cgi-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cli-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ctype-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-curl-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dba-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-devel-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dio-0.0.2-6.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-doc-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dom-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-0.9.6.1-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-admin-0.9.6.1-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-enchant-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-exif-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fam-5.0.1-10.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fileinfo-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filepro-5.1.6-20.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filter-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fpm-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ftp-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gd-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gettext-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gmp-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-hash-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-iconv-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-idn-1.2b-18.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-imap-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ini-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-intl-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-json-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ldap-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mailparse-2.1.5-3.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mbstring-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcal-0.6-30.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcrypt-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mssql-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysql-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysqli-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-odbc-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-openssl-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-optimizer-0.1-0.alpha2.3.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pcntl-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_dblib-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_mysql-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_odbc-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_pgsql-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_sqlite-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pgsql-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-posix-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pspell-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-readline-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-recode-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sasl-0.1.0-28.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-session-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-shmop-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-snmp-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-soap-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sockets-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sqlite3-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ssh2-0.11.1-0.20090208.4.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-suhosin-0.9.32.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sybase_ct-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvmsg-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvsem-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvshm-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tclink-3.4.5-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tidy-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-timezonedb-2010.9-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tokenizer-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-translit-0.6.0-10.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-vld-0.10.1-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-wddx-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xattr-1.1.0-9.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xdebug-2.1.0-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xml-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlreader-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlrpc-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlwriter-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xsl-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zip-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zlib-5.3.3-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64mbfl-devel-1.1.0-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64mbfl1-1.1.0-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libmbfl-devel-1.1.0-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libmbfl1-1.1.0-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-3.1.3p1-8.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-admin-3.1.3p1-8.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-0.9.6.1-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-admin-0.9.6.1-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gearman-0.7.0-0.0.r295852.1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ini-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.5-8.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcal-0.6-35.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-optimizer-0.1-0.alpha2.8.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pinba-0.0.5-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sasl-0.1.0-33.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sphinx-1.0.4-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.1-0.20090208.8.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tclink-3.4.5-7.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2010.9-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-translit-0.6.0-15.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.10.1-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xattr-1.1.0-13.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.0-0.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.3-0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:21:20", "description": "Multiple vulnerabilities has been found and corrected in php :\n\n - Improved LCG entropy. (Rasmus, Samy Kamkar) (CVE-2010-1128)\n\n - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) (CVE-2010-1129)\n\n - Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak.\n (Ilia) (CVE-2010-1130)\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers.\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2010-03-11T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2010:058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1128", "CVE-2010-1129", "CVE-2010-1130"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-mhash", "p-cpe:/a:mandriva:linux:php-mime_magic", "p-cpe:/a:mandriva:linux:php-ming", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-ncurses", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-simplexml", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-sybase", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0"], "id": "MANDRIVA_MDVSA-2010-058.NASL", "href": "https://www.tenable.com/plugins/nessus/45029", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:058. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45029);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\");\n script_bugtraq_id(38182, 38430, 38431);\n script_xref(name:\"MDVSA\", value:\"2010:058\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2010:058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in php :\n\n - Improved LCG entropy. (Rasmus, Samy Kamkar)\n (CVE-2010-1128)\n\n - Fixed safe_mode validation inside tempnam() when the\n directory path does not end with a /). (Martin Jansen)\n (CVE-2010-1129)\n\n - Fixed a possible open_basedir/safe_mode bypass in the\n session extension identified by Grzegorz Stachowiak.\n (Ilia) (CVE-2010-1130)\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.2.13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-simplexml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bcmath-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bz2-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-calendar-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cgi-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cli-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ctype-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-curl-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dba-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dbase-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-devel-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dom-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-exif-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-fcgi-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-filter-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ftp-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gd-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gettext-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gmp-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-hash-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-iconv-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-imap-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-json-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ldap-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mbstring-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mcrypt-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mhash-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mime_magic-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ming-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mssql-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysql-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysqli-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ncurses-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-odbc-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-openssl-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pcntl-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_dblib-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_mysql-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_odbc-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_pgsql-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_sqlite-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pgsql-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-posix-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pspell-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-readline-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-recode-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-session-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-shmop-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-simplexml-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-snmp-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-soap-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sockets-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sqlite-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvmsg-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvsem-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvshm-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tidy-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tokenizer-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-wddx-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xml-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlreader-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlrpc-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlwriter-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xsl-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-zlib-5.2.4-3.9mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bcmath-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bz2-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-calendar-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cgi-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cli-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ctype-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-curl-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dba-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dbase-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-devel-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dom-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-exif-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-fcgi-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-filter-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ftp-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gd-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gettext-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gmp-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-hash-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-iconv-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-imap-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-json-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ldap-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mbstring-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mcrypt-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mhash-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mime_magic-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ming-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mssql-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysql-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysqli-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ncurses-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-odbc-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-openssl-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pcntl-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_dblib-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_mysql-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_odbc-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_pgsql-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_sqlite-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pgsql-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-posix-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pspell-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-readline-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-recode-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-session-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-shmop-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-snmp-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-soap-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sockets-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sqlite-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sybase-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvmsg-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvsem-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvshm-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tidy-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tokenizer-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-wddx-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xml-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlreader-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlrpc-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlwriter-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xsl-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zlib-5.2.6-18.13mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libphp5_common5-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-bcmath-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-bz2-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-calendar-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-cgi-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-cli-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ctype-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-curl-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dba-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dbase-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-devel-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dom-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-exif-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-fcgi-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-filter-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ftp-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gd-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gettext-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gmp-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-hash-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-iconv-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-imap-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-json-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ldap-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mbstring-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mcrypt-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mhash-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mime_magic-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ming-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mssql-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mysql-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mysqli-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ncurses-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-odbc-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-openssl-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pcntl-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_dblib-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_mysql-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_odbc-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_pgsql-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_sqlite-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pgsql-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-posix-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pspell-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-readline-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-recode-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-session-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-shmop-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-snmp-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-soap-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sockets-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sqlite-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sybase-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvmsg-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvsem-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvshm-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tidy-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tokenizer-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-wddx-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xml-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlreader-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlrpc-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlwriter-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xsl-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-zip-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-zlib-5.2.11-0.5mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libphp5_common5-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bcmath-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bz2-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-calendar-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cgi-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cli-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ctype-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-curl-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dba-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-devel-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-doc-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dom-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-enchant-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-exif-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fileinfo-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filter-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ftp-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gd-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gettext-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gmp-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-hash-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-iconv-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-imap-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-intl-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-json-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ldap-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mbstring-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcrypt-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mssql-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysql-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysqli-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-odbc-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-openssl-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pcntl-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_dblib-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_mysql-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_odbc-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_pgsql-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_sqlite-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pgsql-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-posix-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pspell-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-readline-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-recode-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-session-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-shmop-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-snmp-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-soap-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sockets-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sqlite3-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sybase_ct-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvmsg-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvsem-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvshm-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tidy-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tokenizer-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-wddx-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xml-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlreader-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlrpc-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlwriter-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xsl-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zip-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zlib-5.3.1-0.3mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:19:23", "description": "According to its banner, the version of PHP installed on the remote host is older than 5.3.2 / 5.2.13. Such versions may be affected by several security issues :\n\n - Directory paths not ending with '/' may not be correctly validated inside 'tempnam()' in 'safe_mode' configuration.\n\n - It may be possible to bypass the 'open_basedir'/ 'safe_mode' configuration restrictions due to an error in session extensions.\n\n - An unspecified vulnerability affects the LCG entropy.", "cvss3": {}, "published": "2010-02-26T00:00:00", "type": "nessus", "title": "PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1128", "CVE-2010-1129", "CVE-2010-1130"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_2_13.NASL", "href": "https://www.tenable.com/plugins/nessus/44921", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44921);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\");\n script_bugtraq_id(38182, 38430, 38431);\n script_xref(name:\"SECUNIA\", value:\"38708\");\n\n script_name(english:\"PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 5.3.2 / 5.2.13. Such versions may be affected by\nseveral security issues :\n\n - Directory paths not ending with '/' may not be\n correctly validated inside 'tempnam()' in \n 'safe_mode' configuration.\n\n - It may be possible to bypass the 'open_basedir'/ \n 'safe_mode' configuration restrictions due to an\n error in session extensions.\n\n - An unspecified vulnerability affects the LCG entropy.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityreason.com/achievement_securityalert/82\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityreason.com/securityalert/7008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2010/Feb/208\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_3_2.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_2_13.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.2.13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.3.2 / 5.2.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^[0-4]\\.\" ||\n version =~ \"^5\\.[01]\\.\" ||\n version =~ \"^5\\.2\\.([0-9]|1[0-2])($|[^0-9])\" ||\n version =~ \"^5\\.3\\.[01]($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.2 / 5.2.13\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:04:13", "description": "This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1.\n\nSecurity Enhancements and Fixes in PHP 5.2.14 :\n\n - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).\n\n - Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)\n\n - Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().\n\n - Fixed a possible memory corruption in substr_replace().\n\n - Fixed SplObjectStorage unserialization problems (CVE-2010-2225).\n\n - Fixed a possible stack exaustion inside fnmatch().\n\n - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).\n\n - Fixed handling of session variable serialization on certain prefix characters.\n\n - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.\n\nAdditionally some of the third-party extensions has been upgraded and/or rebuilt for the new php version.\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2010:139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-dbx", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-idn", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-mhash", "p-cpe:/a:mandriva:linux:php-mime_magic", "p-cpe:/a:mandriva:linux:php-ming", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-ncurses", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-yp", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2010-139.NASL", "href": "https://www.tenable.com/plugins/nessus/48197", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:139. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48197);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\");\n script_xref(name:\"MDVSA\", value:\"2010:139\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2010:139)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a maintenance and security update that upgrades php to 5.2.14\nfor CS4/MES5/2008.0/2009.0/2009.1.\n\nSecurity Enhancements and Fixes in PHP 5.2.14 :\n\n - Rewrote var_export() to use smart_str rather than output\n buffering, prevents data disclosure if a fatal error\n occurs (CVE-2010-2531).\n\n - Fixed a possible interruption array leak in\n strrchr().(CVE-2010-2484)\n\n - Fixed a possible interruption array leak in strchr(),\n strstr(), substr(), chunk_split(), strtok(),\n addcslashes(), str_repeat(), trim().\n\n - Fixed a possible memory corruption in substr_replace().\n\n - Fixed SplObjectStorage unserialization problems\n (CVE-2010-2225).\n\n - Fixed a possible stack exaustion inside fnmatch().\n\n - Fixed a NULL pointer dereference when processing\n invalid XML-RPC requests (Fixes CVE-2010-0397, bug\n #51288).\n\n - Fixed handling of session variable serialization on\n certain prefix characters.\n\n - Fixed a possible arbitrary memory access inside sqlite\n extension. Reported by Mateusz Kocielski.\n\nAdditionally some of the third-party extensions has been upgraded\nand/or rebuilt for the new php version.\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.2.14\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-idn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-yp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_php-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bcmath-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bz2-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-calendar-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cgi-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cli-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ctype-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-curl-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dba-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dbase-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dbx-1.1.0-17.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-devel-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dio-0.1-16.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dom-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-eaccelerator-0.9.6.1-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-eaccelerator-admin-0.9.6.1-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-exif-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-fam-0.1-17.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-fcgi-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-fileinfo-1.0.4-7.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-filepro-5.1.6-9.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-filter-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ftp-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gd-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gettext-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gmp-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-hash-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-iconv-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-idn-1.2b-7.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-imap-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ini-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-json-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ldap-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mailparse-2.1.5-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mbstring-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mcal-0.6-18.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mcrypt-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mhash-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mime_magic-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ming-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mssql-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysql-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysqli-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ncurses-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-odbc-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-openssl-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pcntl-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_dblib-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_mysql-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_odbc-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_pgsql-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_sqlite-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pgsql-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-posix-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pspell-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-readline-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-recode-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sasl-0.1.0-17.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-session-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-shmop-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-snmp-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-soap-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sockets-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sqlite-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ssh2-0.11.0-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-suhosin-0.9.32.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sybase-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvmsg-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvsem-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvshm-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tclink-3.4.0-18.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tidy-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-timezonedb-2010.9-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tokenizer-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-translit-0.6.0-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-wddx-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xattr-1.0-18.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xdebug-2.0.5-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xml-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlreader-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlrpc-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlwriter-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xsl-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-yp-5.2.3-4.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-zip-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-zlib-5.2.14-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_php-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-apc-3.1.3p1-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-apc-admin-3.1.3p1-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bcmath-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bz2-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-calendar-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cgi-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cli-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ctype-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-curl-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dba-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dbase-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dbx-1.1.0-22.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-devel-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dio-0.1-21.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dom-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-eaccelerator-0.9.6.1-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-eaccelerator-admin-0.9.6.1-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-exif-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-fam-5.0.1-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-fcgi-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-fileinfo-1.0.4-12.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-filepro-5.1.6-13.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-filter-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ftp-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gd-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gettext-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gmp-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-hash-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-iconv-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-idn-1.2b-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-imap-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ini-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-json-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ldap-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mailparse-2.1.5-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mbstring-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mcal-0.6-23.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mcrypt-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mhash-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mime_magic-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ming-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mssql-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysql-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysqli-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ncurses-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-odbc-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-openssl-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-optimizer-0.1-0.alpha1.1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pcntl-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_dblib-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_mysql-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_odbc-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_pgsql-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_sqlite-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pgsql-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-posix-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pspell-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-readline-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-recode-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sasl-0.1.0-21.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-session-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-shmop-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-snmp-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-soap-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sockets-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sqlite-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ssh2-0.11.0-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-suhosin-0.9.32.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sybase-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvmsg-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvsem-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvshm-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tclink-3.4.4-6.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tidy-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tokenizer-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-translit-0.6.0-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-vld-0.10.1-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-wddx-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xattr-1.1.0-2.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xdebug-2.0.5-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xml-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlreader-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlrpc-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlwriter-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xsl-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zip-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zlib-5.2.14-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_php-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libphp5_common5-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-apc-3.1.3p1-0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-apc-admin-3.1.3p1-0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-bcmath-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-bz2-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-calendar-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-cgi-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-cli-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ctype-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-curl-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dba-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dbase-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dbx-1.1.0-26.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-devel-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dio-0.0.2-3.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dom-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-eaccelerator-0.9.6.1-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-eaccelerator-admin-0.9.6.1-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-exif-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-fam-5.0.1-7.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-fcgi-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-fileinfo-1.0.4-15.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-filepro-5.1.6-17.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-filter-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ftp-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gd-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gettext-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gmp-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-hash-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-iconv-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-idn-1.2b-15.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-imap-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ini-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-json-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ldap-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mbstring-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mcal-0.6-27.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mcrypt-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mhash-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mime_magic-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ming-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mssql-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mysql-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mysqli-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ncurses-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-odbc-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-openssl-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-optimizer-0.1-0.alpha1.5.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pcntl-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_dblib-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_mysql-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_odbc-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_pgsql-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_sqlite-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pgsql-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-posix-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pspell-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-readline-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-recode-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sasl-0.1.0-25.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-session-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-shmop-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-snmp-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-soap-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sockets-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sqlite-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ssh2-0.11.0-2.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-suhosin-0.9.32.1-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sybase-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvmsg-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvsem-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvshm-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tclink-3.4.4-10.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tidy-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tokenizer-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-translit-0.6.0-7.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-vld-0.10.1-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-wddx-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xattr-1.1.0-6.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xdebug-2.0.5-0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xml-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlreader-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlrpc-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlwriter-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xsl-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-zip-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-zlib-5.2.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:29:36", "description": "According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.3. Such versions may be affected by several security issues :\n\n - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. (bug #51288) (CVE-2010-0397)\n\n - An error exists in the function 'shm_put_var' that is related to resource destruction.\n\n - An error exists in the function 'fnmatch' that can lead to stack exhaustion. (CVE-2010-1917)\n\n - A memory corruption error exists related to call-time pass by reference and callbacks.\n\n - The dechunking filter is vulnerable to buffer overflow.\n\n - An error exists in the sqlite extension that could allow arbitrary memory access.\n\n - An error exists in the 'phar' extension related to string format validation.\n\n - The functions 'mysqlnd_list_fields' and 'mysqlnd_change_user' are vulnerable to buffer overflow.\n\n - The Mysqlnd extension is vulnerable to buffer overflow attack when handling error packets.\n\n - The following functions are not properly protected against function interruptions :\n\n addcslashes, chunk_split, html_entity_decode, iconv_mime_decode, iconv_substr, iconv_mime_encode, htmlentities, htmlspecialchars, str_getcsv, http_build_query, strpbrk, strtr, str_pad, str_word_count, wordwrap, strtok, setcookie, strip_tags, trim, ltrim, rtrim, substr_replace, parse_str, pack, unpack, uasort, preg_match, strrchr (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)\n\n - The following opcodes are not properly protected against function interruptions :\n\n ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW, XOR (CVE-2010-2191)\n\n - The default session serializer contains an error that can be exploited when assigning session variables having user defined names. Arbitrary serialized values can be injected into sessions by including the PS_UNDEF_MARKER, '!', character in variable names.\n\n - A use-after-free error exists in the function 'spl_object_storage_attach'. (CVE-2010-2225)\n\n - An information disclosure vulnerability exists in the function 'var_export' when handling certain error conditions. (CVE-2010-2531)", "cvss3": {}, "published": "2010-08-04T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1581", "CVE-2010-0397", "CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1917", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_3.NASL", "href": "https://www.tenable.com/plugins/nessus/48245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48245);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-1581\",\n \"CVE-2010-0397\",\n \"CVE-2010-1860\",\n \"CVE-2010-1862\",\n \"CVE-2010-1864\",\n \"CVE-2010-1917\",\n \"CVE-2010-2097\",\n \"CVE-2010-2100\",\n \"CVE-2010-2101\",\n \"CVE-2010-2190\",\n \"CVE-2010-2191\",\n \"CVE-2010-2225\",\n \"CVE-2010-2484\",\n \"CVE-2010-2531\",\n \"CVE-2010-3062\",\n \"CVE-2010-3063\",\n \"CVE-2010-3064\",\n \"CVE-2010-3065\"\n );\n script_bugtraq_id(\n 38708,\n 40461,\n 40948,\n 41991\n );\n script_xref(name:\"SECUNIA\", value:\"39675\");\n script_xref(name:\"SECUNIA\", value:\"40268\");\n\n script_name(english:\"PHP 5.3 < 5.3.3 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.3 installed on the\nremote host is older than 5.3.3. Such versions may be affected by\nseveral security issues :\n\n - An error exists when processing invalid XML-RPC \n requests that can lead to a NULL pointer\n dereference. (bug #51288) (CVE-2010-0397)\n\n - An error exists in the function 'shm_put_var' that\n is related to resource destruction.\n\n - An error exists in the function 'fnmatch' that can lead\n to stack exhaustion. (CVE-2010-1917)\n\n - A memory corruption error exists related to call-time\n pass by reference and callbacks.\n\n - The dechunking filter is vulnerable to buffer overflow.\n\n - An error exists in the sqlite extension that could \n allow arbitrary memory access.\n\n - An error exists in the 'phar' extension related to \n string format validation.\n\n - The functions 'mysqlnd_list_fields' and \n 'mysqlnd_change_user' are vulnerable to buffer overflow.\n\n - The Mysqlnd extension is vulnerable to buffer overflow\n attack when handling error packets.\n\n - The following functions are not properly protected\n against function interruptions :\n\n addcslashes, chunk_split, html_entity_decode, \n iconv_mime_decode, iconv_substr, iconv_mime_encode,\n htmlentities, htmlspecialchars, str_getcsv,\n http_build_query, strpbrk, strtr, str_pad,\n str_word_count, wordwrap, strtok, setcookie, \n strip_tags, trim, ltrim, rtrim, substr_replace,\n parse_str, pack, unpack, uasort, preg_match, strrchr\n (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,\n CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,\n CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)\n\n - The following opcodes are not properly protected \n against function interruptions :\n\n ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW, XOR\n (CVE-2010-2191)\n\n - The default session serializer contains an error\n that can be exploited when assigning session\n variables having user defined names. Arbitrary\n serialized values can be injected into sessions by\n including the PS_UNDEF_MARKER, '!', character in\n variable names.\n\n - A use-after-free error exists in the function\n 'spl_object_storage_attach'. (CVE-2010-2225)\n\n - An information disclosure vulnerability exists in the\n function 'var_export' when handling certain error \n conditions. (CVE-2010-2531)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_3_3.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.3.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-1581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5\\.3\\.[0-2]($|[^0-9])\") \n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.3\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:39:59", "description": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. (CVE-2011-1071)", "cvss3": {}, "published": "2014-11-28T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4782", "CVE-2010-1917", "CVE-2010-2898", "CVE-2011-1071"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL15885.NASL", "href": "https://www.tenable.com/plugins/nessus/79606", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL15885.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79606);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2007-4782\", \"CVE-2010-1917\", \"CVE-2010-2898\", \"CVE-2011-1071\");\n script_bugtraq_id(26403, 41991, 46563);\n\n script_name(english:\"F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded\nGLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary\ncode or cause a denial of service (memory consumption) via a long UTF8\nstring that is used in an fnmatch call, aka a 'stack extension\nattack,' a related issue to CVE-2010-2898, CVE-2010-1917, and\nCVE-2007-4782, as originally reported for use of this library by\nGoogle Chrome. (CVE-2011-1071)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15885\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL15885.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL15885\";\nvmatrix = make_array();\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.0.0-11.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:33:12", "description": "PHP was updated to version 5.2.14 to fix serveral security issues :\n\n - CVE-2010-1860\n\n - CVE-2010-1862\n\n - CVE-2010-1864\n\n - CVE-2010-1914\n\n - CVE-2010-1915\n\n - CVE-2010-1917\n\n - CVE-2010-2093\n\n - CVE-2010-2094\n\n - CVE-2010-2097\n\n - CVE-2010-2100\n\n - CVE-2010-2101\n\n - CVE-2010-2190\n\n - CVE-2010-2191\n\n - CVE-2010-2225\n\n - CVE-2010-2484\n\n - CVE-2010-2531\n\n - CVE-2010-3062\n\n - CVE-2010-3063\n\n - CVE-2010-3064\n\n - CVE-2010-3065", "cvss3": {}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-MOD_PHP5-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/49830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49830);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1860\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to version 5.2.14 to fix serveral security issues :\n\n - CVE-2010-1860\n\n - CVE-2010-1862\n\n - CVE-2010-1864\n\n - CVE-2010-1914\n\n - CVE-2010-1915\n\n - CVE-2010-1917\n\n - CVE-2010-2093\n\n - CVE-2010-2094\n\n - CVE-2010-2097\n\n - CVE-2010-2100\n\n - CVE-2010-2101\n\n - CVE-2010-2190\n\n - CVE-2010-2191\n\n - CVE-2010-2225\n\n - CVE-2010-2484\n\n - CVE-2010-2531\n\n - CVE-2010-3062\n\n - CVE-2010-3063\n\n - CVE-2010-3064\n\n - CVE-2010-3065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1860.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1862.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1864.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1915.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1917.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2190.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2191.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2225.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3065.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7110.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-mod_php5-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-bcmath-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-bz2-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-calendar-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ctype-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-curl-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-dba-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-dbase-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-devel-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-dom-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-exif-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-fastcgi-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ftp-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-gd-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-gettext-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-gmp-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-hash-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-iconv-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-imap-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-json-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ldap-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mbstring-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mcrypt-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mhash-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mysql-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ncurses-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-odbc-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-openssl-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pcntl-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pdo-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pear-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pgsql-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-posix-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pspell-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-shmop-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-snmp-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-soap-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sockets-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sqlite-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-suhosin-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sysvmsg-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sysvsem-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sysvshm-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-tokenizer-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-wddx-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-xmlreader-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-xmlrpc-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-xsl-5.2.14-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-zlib-5.2.14-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:34:10", "description": "PHP was updated to version 5.2.14 to fix several security issues :\n\n- [CVE-2010-1860](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1860)\n\n- [CVE-2010-1862](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1862)\n\n- [CVE-2010-1864](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1864)\n\n- [CVE-2010-1914](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1914)\n\n- [CVE-2010-1915](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1915)\n\n- [CVE-2010-1917](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1917)\n\n- [CVE-2010-2093](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2093)\n\n- [CVE-2010-2094](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2094)\n\n- [CVE-2010-2097](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2097)\n\n- [CVE-2010-2100](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2100)\n\n- [CVE-2010-2101](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2101)\n\n- [CVE-2010-2190](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2190)\n\n- [CVE-2010-2191](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2191)\n\n- [CVE-2010-2225](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2225)\n\n- [CVE-2010-2484](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2484)\n\n- [CVE-2010-2531](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2531)\n\n- [CVE-2010-3062](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3062)\n\n- [CVE-2010-3063](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3063)\n\n- [CVE-2010-3064](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3064)\n\n- [CVE-2010-3065](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3065)", "cvss3": {}, "published": "2010-10-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0678-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-ncurses", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zlib", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dbase", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-iconv"], "id": "SUSE_11_1_APACHE2-MOD_PHP5-100928.NASL", "href": "https://www.tenable.com/plugins/nessus/49752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-3213.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49752);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1860\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0678-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-3213 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to version 5.2.14 to fix several security issues :\n\n- [CVE-2010-1860](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-1860)\n\n- [CVE-2010-1862](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-1862)\n\n- [CVE-2010-1864](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-1864)\n\n- [CVE-2010-1914](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-1914)\n\n- [CVE-2010-1915](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-1915)\n\n- [CVE-2010-1917](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-1917)\n\n- [CVE-2010-2093](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2093)\n\n- [CVE-2010-2094](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2094)\n\n- [CVE-2010-2097](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2097)\n\n- [CVE-2010-2100](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2100)\n\n- [CVE-2010-2101](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2101)\n\n- [CVE-2010-2190](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2190)\n\n- [CVE-2010-2191](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2191)\n\n- [CVE-2010-2225](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2225)\n\n- [CVE-2010-2484](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2484)\n\n- [CVE-2010-2531](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-2531)\n\n- [CVE-2010-3062](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-3062)\n\n- [CVE-2010-3063](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-3063)\n\n- [CVE-2010-3064](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-3064)\n\n- [CVE-2010-3065](http://cve.mitre.org/cgi-bin/cvename.cgi?nam\ne=CVE-2010-3065)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?nam\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=616232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=636923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00053.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-mod_php5-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-bcmath-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-bz2-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-calendar-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ctype-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-curl-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dba-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dbase-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-devel-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dom-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-exif-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-fastcgi-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ftp-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gd-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gettext-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gmp-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-hash-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-iconv-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-imap-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-json-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ldap-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mbstring-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mcrypt-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mysql-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ncurses-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-odbc-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-openssl-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pcntl-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pdo-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pear-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pgsql-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-posix-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pspell-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-readline-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-shmop-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-snmp-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-soap-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sockets-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sqlite-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-suhosin-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvmsg-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvsem-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvshm-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-tidy-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-tokenizer-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-wddx-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlreader-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlrpc-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlwriter-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xsl-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-zip-5.2.14-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-zlib-5.2.14-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:35:42", "description": "PHP was updated to version 5.2.14 to fix serveral security issues :\n\n - CVE-2010-1860\n\n - CVE-2010-1862\n\n - CVE-2010-1864\n\n - CVE-2010-1914\n\n - CVE-2010-1915\n\n - CVE-2010-1917\n\n - CVE-2010-2093\n\n - CVE-2010-2094\n\n - CVE-2010-2097\n\n - CVE-2010-2100\n\n - CVE-2010-2101\n\n - CVE-2010-2190\n\n - CVE-2010-2191\n\n - CVE-2010-2225\n\n - CVE-2010-2484\n\n - CVE-2010-2531\n\n - CVE-2010-3062\n\n - CVE-2010-3063\n\n - CVE-2010-3064\n\n - CVE-2010-3065", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "nessus", "title": "SuSE 11 / 11.1 Security Update : Apache 2 (SAT Patch Numbers 2880 / 2881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1866", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:11:php5", "p-cpe:/a:novell:suse_linux:11:php5-bcmath", "p-cpe:/a:novell:suse_linux:11:php5-bz2", "p-cpe:/a:novell:suse_linux:11:php5-calendar", "p-cpe:/a:novell:suse_linux:11:php5-ldap", "p-cpe:/a:novell:suse_linux:11:php5-ctype", "p-cpe:/a:novell:suse_linux:11:php5-mbstring", "p-cpe:/a:novell:suse_linux:11:php5-curl", "p-cpe:/a:novell:suse_linux:11:php5-mcrypt", "p-cpe:/a:novell:suse_linux:11:php5-mysql", "p-cpe:/a:novell:suse_linux:11:php5-dba", "p-cpe:/a:novell:suse_linux:11:php5-odbc", "p-cpe:/a:novell:suse_linux:11:php5-openssl", "p-cpe:/a:novell:suse_linux:11:php5-pcntl", "p-cpe:/a:novell:suse_linux:11:php5-pdo", "p-cpe:/a:novell:suse_linux:11:php5-pear", "p-cpe:/a:novell:suse_linux:11:php5-dbase", "p-cpe:/a:novell:suse_linux:11:php5-pgsql", "p-cpe:/a:novell:suse_linux:11:php5-pspell", "p-cpe:/a:novell:suse_linux:11:php5-shmop", "p-cpe:/a:novell:suse_linux:11:php5-snmp", "p-cpe:/a:novell:suse_linux:11:php5-soap", "p-cpe:/a:novell:suse_linux:11:php5-suhosin", "p-cpe:/a:novell:suse_linux:11:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php5-sysvsem", "p-cpe:/a:novell:suse_linux:11:php5-sysvshm", "p-cpe:/a:novell:suse_linux:11:php5-tokenizer", "p-cpe:/a:novell:suse_linux:11:php5-wddx", "p-cpe:/a:novell:suse_linux:11:php5-xmlreader", "p-cpe:/a:novell:suse_linux:11:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:11:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php5-xsl", "p-cpe:/a:novell:suse_linux:11:php5-zip", "p-cpe:/a:novell:suse_linux:11:php5-zlib", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:php5-dom", "p-cpe:/a:novell:suse_linux:11:php5-exif", "p-cpe:/a:novell:suse_linux:11:php5-fastcgi", "p-cpe:/a:novell:suse_linux:11:php5-ftp", "p-cpe:/a:novell:suse_linux:11:php5-gd", "p-cpe:/a:novell:suse_linux:11:php5-gettext", "p-cpe:/a:novell:suse_linux:11:php5-gmp", "p-cpe:/a:novell:suse_linux:11:php5-hash", "p-cpe:/a:novell:suse_linux:11:php5-iconv", "p-cpe:/a:novell:suse_linux:11:php5-json"], "id": "SUSE_11_APACHE2-MOD_PHP5-100805.NASL", "href": "https://www.tenable.com/plugins/nessus/50890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50890);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-1860\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Apache 2 (SAT Patch Numbers 2880 / 2881)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to version 5.2.14 to fix serveral security issues :\n\n - CVE-2010-1860\n\n - CVE-2010-1862\n\n - CVE-2010-1864\n\n - CVE-2010-1914\n\n - CVE-2010-1915\n\n - CVE-2010-1917\n\n - CVE-2010-2093\n\n - CVE-2010-2094\n\n - CVE-2010-2097\n\n - CVE-2010-2100\n\n - CVE-2010-2101\n\n - CVE-2010-2190\n\n - CVE-2010-2191\n\n - CVE-2010-2225\n\n - CVE-2010-2484\n\n - CVE-2010-2531\n\n - CVE-2010-3062\n\n - CVE-2010-3063\n\n - CVE-2010-3064\n\n - CVE-2010-3065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=588975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0397.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1860.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1862.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1864.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1866.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1915.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1917.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2190.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2191.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2225.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3065.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2880 / 2881 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-mod_php5-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-bcmath-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-bz2-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-calendar-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ctype-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-curl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dba-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dbase-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dom-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-exif-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-fastcgi-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ftp-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gd-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gettext-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gmp-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-hash-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-iconv-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-json-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ldap-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mbstring-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mcrypt-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mysql-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-odbc-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-openssl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pcntl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pdo-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pear-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pgsql-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pspell-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-shmop-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-snmp-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-soap-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-suhosin-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvmsg-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvsem-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvshm-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-tokenizer-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-wddx-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlreader-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlrpc-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlwriter-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xsl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-zip-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-zlib-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-mod_php5-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-bcmath-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-bz2-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-calendar-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ctype-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-curl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dba-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dbase-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dom-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-exif-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-fastcgi-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ftp-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gd-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gettext-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gmp-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-hash-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-iconv-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-json-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ldap-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mbstring-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mcrypt-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mysql-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-odbc-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-openssl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pcntl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pdo-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pear-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pgsql-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pspell-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-shmop-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-snmp-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-soap-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-suhosin-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvmsg-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvsem-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvshm-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-tokenizer-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-wddx-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlreader-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlrpc-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlwriter-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xsl-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-zip-5.2.14-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-zlib-5.2.14-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:24:10", "description": "PHP was updated to version 5.3.3 to fix serveral security issues.\n\n(CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917, CVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1866", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2531", "CVE-2010-2950", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zlib", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_APACHE2-MOD_PHP5-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/75429", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-2929.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75429);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-1860\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-2929 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to version 5.3.3 to fix serveral security issues.\n\n(CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,\nCVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917,\nCVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100,\nCVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225,\nCVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063,\nCVE-2010-3064, CVE-2010-3065)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=588975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=616232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=636923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-mod_php5-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-bcmath-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-bz2-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-calendar-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ctype-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-curl-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-dba-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-devel-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-dom-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-enchant-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-exif-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-fastcgi-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-fileinfo-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ftp-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gd-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gettext-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gmp-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-hash-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-iconv-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-imap-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-intl-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-json-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ldap-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mbstring-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mcrypt-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mysql-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-odbc-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-openssl-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pcntl-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pdo-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pear-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pgsql-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-phar-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-posix-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pspell-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-readline-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-shmop-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-snmp-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-soap-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sockets-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sqlite-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-suhosin-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvmsg-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvsem-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvshm-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-tidy-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-tokenizer-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-wddx-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlreader-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlrpc-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlwriter-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xsl-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-zip-5.3.3-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-zlib-5.3.3-0.1.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:31:52", "description": "PHP was updated to version 5.3.3 to fix serveral security issues.\n\n(CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917, CVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065)", "cvss3": {}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0397", "CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1866", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2531", "CVE-2010-2950", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zlib", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_APACHE2-MOD_PHP5-100813.NASL", "href": "https://www.tenable.com/plugins/nessus/49210", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-2929.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49210);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-1860\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-2929 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to version 5.3.3 to fix serveral security issues.\n\n(CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,\nCVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917,\nCVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100,\nCVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225,\nCVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063,\nCVE-2010-3064, CVE-2010-3065)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=588975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=616232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=636923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"apache2-mod_php5-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-bcmath-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-bz2-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-calendar-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-ctype-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-curl-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-dba-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-devel-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-dom-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-enchant-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-exif-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-fastcgi-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-fileinfo-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-ftp-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-gd-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-gettext-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-gmp-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-hash-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-iconv-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-imap-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-intl-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-json-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-ldap-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-mbstring-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-mcrypt-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-mysql-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-odbc-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-openssl-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-pcntl-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-pdo-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-pear-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-pgsql-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-phar-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-posix-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-pspell-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-readline-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-shmop-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-snmp-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-soap-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-sockets-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-sqlite-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-suhosin-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-sysvmsg-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-sysvsem-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-sysvshm-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-tidy-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-tokenizer-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-wddx-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-xmlreader-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-xmlrpc-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-xmlwriter-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-xsl-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-zip-5.3.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"php5-zlib-5.3.3-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:29:35", "description": "According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues :\n\n - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. (bug #51288) (CVE-2010-0397)\n\n - An error exists in the function 'fnmatch' that can lead to stack exhaustion.\n\n - An error exists in the sqlite extension that could allow arbitrary memory access.\n\n - A memory corruption error exists in the function 'substr_replace'.\n\n - The following functions are not properly protected against function interruptions :\n\n addcslashes, chunk_split, html_entity_decode, iconv_mime_decode, iconv_substr, iconv_mime_encode, htmlentities, htmlspecialchars, str_getcsv, http_build_query, strpbrk, strstr, str_pad, str_word_count, wordwrap, strtok, setcookie, strip_tags, trim, ltrim, rtrim, parse_str, pack, unpack, uasort, preg_match, strrchr, strchr, substr, str_repeat (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)\n\n - The following opcodes are not properly protected against function interruptions :\n\n ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW (CVE-2010-2191)\n\n - The default session serializer contains an error that can be exploited when assigning session variables having user defined names. Arbitrary serialized values can be injected into sessions by including the PS_UNDEF_MARKER, '!', character in variable names.\n\n - A use-after-free error exists in the function 'spl_object_storage_attach'. (CVE-2010-2225)\n\n - An information disclosure vulnerability exists in the function 'var_export' when handling certain error conditions. (CVE-2010-2531)", "cvss3": {}, "published": "2010-08-04T00:00:00", "type": "nessus", "title": "PHP 5.2 < 5.2.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1581", "CVE-2010-0397", "CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-3065"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_2_14.NASL", "href": "https://www.tenable.com/plugins/nessus/48244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48244);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-1581\",\n \"CVE-2010-0397\",\n \"CVE-2010-1860\",\n \"CVE-2010-1862\",\n \"CVE-2010-1864\",\n \"CVE-2010-2097\",\n \"CVE-2010-2100\",\n \"CVE-2010-2101\",\n \"CVE-2010-2190\",\n \"CVE-2010-2191\",\n \"CVE-2010-2225\",\n \"CVE-2010-2484\",\n \"CVE-2010-2531\",\n \"CVE-2010-3065\"\n );\n script_bugtraq_id(38708, 40948, 41991);\n script_xref(name:\"SECUNIA\", value:\"39675\");\n script_xref(name:\"SECUNIA\", value:\"40268\");\n\n script_name(english:\"PHP 5.2 < 5.2.14 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.2 installed on the\nremote host is older than 5.2.14. Such versions may be affected by\nseveral security issues :\n\n - An error exists when processing invalid XML-RPC \n requests that can lead to a NULL pointer\n dereference. (bug #51288) (CVE-2010-0397)\n\n - An error exists in the function 'fnmatch' that can lead\n to stack exhaustion.\n\n - An error exists in the sqlite extension that could \n allow arbitrary memory access.\n\n - A memory corruption error exists in the function\n 'substr_replace'.\n\n - The following functions are not properly protected\n against function interruptions :\n\n addcslashes, chunk_split, html_entity_decode, \n iconv_mime_decode, iconv_substr, iconv_mime_encode,\n htmlentities, htmlspecialchars, str_getcsv,\n http_build_query, strpbrk, strstr, str_pad,\n str_word_count, wordwrap, strtok, setcookie, \n strip_tags, trim, ltrim, rtrim, parse_str, pack, unpack, \n uasort, preg_match, strrchr, strchr, substr, str_repeat\n (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,\n CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,\n CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)\n\n - The following opcodes are not properly protected \n against function interruptions :\n\n ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW\n (CVE-2010-2191)\n\n - The default session serializer contains an error\n that can be exploited when assigning session\n variables having user defined names. Arbitrary\n serialized values can be injected into sessions by\n including the PS_UNDEF_MARKER, '!', character in\n variable names.\n\n - A use-after-free error exists in the function\n 'spl_object_storage_attach'. (CVE-2010-2225)\n\n - An information disclosure vulnerability exists in the\n function 'var_export' when handling certain error \n conditions. (CVE-2010-2531)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_2_14.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.2.14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.2.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5\\.2\\.([0-9]|1[0-3])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.2.14\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:11:20", "description": "According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.1. Such versions may be affected by several security issues :\n\n - Sanity checks are missing in exif processing.\n\n - It is possible to bypass the 'safe_mode' configuration setting using 'tempnam()'.\n\n - It is possible to bypass the 'open_basedir' configuration setting using 'posix_mkfifo()'.\n\n - The 'safe_mode_include_dir' configuration setting may be ignored. (Bug #50063)\n\n - Calling 'popen()' with an invalid mode can cause a crash under Windows. (Bug #44683)\n\n - Provided file uploading is enabled (it is by default), an attacker can upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. By supplying a large number (15,000+) of files, an attacker could cause the web server to stop responding while it processes the file list.\n\n - 'proc_open()' can bypass 'safe_mode_protected_env_vars'.\n (Bug #49026)\n\n - An unspecified vulnerability affects the LCG entropy.", "cvss3": {}, "published": "2009-11-20T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3557", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4018", "CVE-2010-1128"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_1.NASL", "href": "https://www.tenable.com/plugins/nessus/42862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42862);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2009-3557\",\n \"CVE-2009-3559\",\n \"CVE-2009-4017\",\n \"CVE-2009-4018\",\n \"CVE-2010-1128\"\n );\n script_bugtraq_id(\n 36554,\n 36555,\n 37079,\n 37138\n );\n script_xref(name:\"SECUNIA\", value:\"37412\");\n\n script_name(english:\"PHP 5.3 < 5.3.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.3 installed on the\nremote host is older than 5.3.1. Such versions may be affected by\nseveral security issues :\n\n - Sanity checks are missing in exif processing.\n\n - It is possible to bypass the 'safe_mode' configuration\n setting using 'tempnam()'.\n\n - It is possible to bypass the 'open_basedir' \n configuration setting using 'posix_mkfifo()'.\n\n - The 'safe_mode_include_dir' configuration setting may\n be ignored. (Bug #50063)\n\n - Calling 'popen()' with an invalid mode can cause a \n crash under Windows. (Bug #44683)\n\n - Provided file uploading is enabled (it is by default),\n an attacker can upload files using a POST request with\n 'multipart/form-data' content even if the target script \n doesn't actually support file uploads per se. By\n supplying a large number (15,000+) of files, an attacker\n could cause the web server to stop responding while it\n processes the file list.\n\n - 'proc_open()' can bypass 'safe_mode_protected_env_vars'.\n (Bug #49026)\n\n - An unspecified vulnerability affects the LCG entropy.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/507982/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_3_1.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5\\.3\\.0($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.1\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:37:19", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 6.3. Such versions are reportedly affected by the following vulnerabilities :\n\n - An error exists in the function 'fnmatch' in the bundled version of PHP that can lead to stack exhaustion. (CVE-2010-1917)\n\n - An information disclosure vulnerability exists in the 'var_export' function in the bundled version of PHP that can be triggered when handling certain error conditions. (CVE-2010-2531)\n\n - A double free vulnerability in the 'ssl3_get_key_exchange()' function in the third-party OpenSSL library could be abused to crash the application. (CVE-2010-2939)\n\n - A format string vulnerability in the phar extension in the bundled version of PHP could lead to the disclosure of memory contents and possibly allow execution of arbitrary code via a specially crafted 'phar://' URI. (CVE-2010-2950)\n\n - A NULL pointer dereference in 'ZipArchive::getArchiveComment' included with the bundled version of PHP can be abused to crash the application. (CVE-2010-3709)\n\n - The bundled version of libxml2 may read from invalid memory locations when processing malformed XPath expressions, resulting in an application crash.\n (CVE-2010-4008)\n\n - An error in the 'mb_strcut()' function in the bundled version of PHP can be exploited by passing a large 'length' parameter to disclose potentially sensitive information from the heap. (CVE-2010-4156)\n\n - An as-yet unspecified remote code execution vulnerability could allow an authenticated user to execute arbitrary code with system privileges.\n (CVE-2011-1540)\n\n - An as-yet unspecified, unauthorized access vulnerability could lead to a complete system compromise.\n (CVE-2011-1541)", "cvss3": {}, "published": "2011-04-22T00:00:00", "type": "nessus", "title": "HP System Management Homepage < 6.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1917", "CVE-2010-2531", "CVE-2010-2939", "CVE-2010-2950", "CVE-2010-3709", "CVE-2010-4008", "CVE-2010-4156", "CVE-2011-1540", "CVE-2011-1541"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_6_3_0_22.NASL", "href": "https://www.tenable.com/plugins/nessus/53532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53532);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2010-1917\",\n \"CVE-2010-2531\",\n \"CVE-2010-2939\",\n \"CVE-2010-2950\",\n \"CVE-2010-3709\",\n \"CVE-2010-4008\",\n \"CVE-2010-4156\",\n \"CVE-2011-1540\",\n \"CVE-2011-1541\"\n );\n script_bugtraq_id(\n 41991,\n 44718,\n 44727,\n 44779,\n 47507,\n 47512\n );\n\n script_name(english:\"HP System Management Homepage < 6.3 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote host is earlier than\n6.3. Such versions are reportedly affected by the following\nvulnerabilities :\n\n - An error exists in the function 'fnmatch' in the\n bundled version of PHP that can lead to stack\n exhaustion. (CVE-2010-1917)\n\n - An information disclosure vulnerability exists in the\n 'var_export' function in the bundled version of PHP\n that can be triggered when handling certain error\n conditions. (CVE-2010-2531)\n\n - A double free vulnerability in the\n 'ssl3_get_key_exchange()' function in the third-party\n OpenSSL library could be abused to crash the\n application. (CVE-2010-2939)\n\n - A format string vulnerability in the phar extension\n in the bundled version of PHP could lead to the\n disclosure of memory contents and possibly allow\n execution of arbitrary code via a specially crafted\n 'phar://' URI. (CVE-2010-2950)\n\n - A NULL pointer dereference in\n 'ZipArchive::getArchiveComment' included with the\n bundled version of PHP can be abused to crash the\n application. (CVE-2010-3709)\n\n - The bundled version of libxml2 may read from invalid\n memory locations when processing malformed XPath\n expressions, resulting in an application crash.\n (CVE-2010-4008)\n\n - An error in the 'mb_strcut()' function in the bundled\n version of PHP can be exploited by passing a large\n 'length' parameter to disclose potentially sensitive\n information from the heap. (CVE-2010-4156)\n\n - An as-yet unspecified remote code execution\n vulnerability could allow an authenticated user to\n execute arbitrary code with system privileges.\n (CVE-2011-1540)\n\n - An as-yet unspecified, unauthorized access vulnerability\n could lead to a complete system compromise.\n (CVE-2011-1541)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/517597/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage 6.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:2381, embedded:TRUE);\n\n\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\nif (version == UNKNOWN_VER)\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# nb: 'version' can have non-numeric characters in it so we'll create\n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt))\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\nfixed_version = '6.3.0.22';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line))\n report += '\\n Version source : ' + source_line;\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n\n exit(0);\n}\nelse exit(0, prod+\" \"+version+\" is listening on port \"+port+\" and is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:46:01", "description": "The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways.\n A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "GLSA-201110-06 : PHP: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2009-5016", "CVE-2010-1128", "CVE-2010-1129", "CVE-2010-1130", "CVE-2010-1860", "CVE-2010-1861", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1866", "CVE-2010-1868", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-2950", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4409", "CVE-2010-4645", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-0752", "CVE-2011-0753", "CVE-2011-0755", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201110-06.NASL", "href": "https://www.tenable.com/plugins/nessus/56459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56459);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2009-5016\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1860\", \"CVE-2010-1861\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4150\", \"CVE-2010-4409\", \"CVE-2010-4645\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2010-4699\", \"CVE-2010-4700\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-0752\", \"CVE-2011-0753\", \"CVE-2011-0755\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_xref(name:\"GLSA\", value:\"201110-06\");\n\n script_name(english:\"GLSA-201110-06 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-06\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code, obtain\n sensitive information from process memory, bypass intended access\n restrictions, or cause a Denial of Service in various ways.\n A remote attacker could cause a Denial of Service in various ways,\n bypass spam detections, or bypass open_basedir restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.3.8\"), vulnerable:make_list(\"lt 5.3.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:29:27", "description": "The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-005 applied. \n\nThis security update contains fixes for the following products :\n\n - ATS\n - CFNetwork\n - ClamAV\n - CoreGraphics\n - libsecurity\n - PHP\n - Samba", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2010-005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0098", "CVE-2010-0397", "CVE-2010-1129", "CVE-2010-1205", "CVE-2010-1311", "CVE-2010-1800", "CVE-2010-1801", "CVE-2010-1802", "CVE-2010-1808", "CVE-2010-2063", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2010-005.NASL", "href": "https://www.tenable.com/plugins/nessus/48424", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(48424);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-0098\",\n \"CVE-2010-0397\",\n \"CVE-2010-1129\",\n \"CVE-2010-1205\",\n \"CVE-2010-1311\",\n \"CVE-2010-1800\",\n \"CVE-2010-1801\",\n \"CVE-2010-1802\",\n \"CVE-2010-1808\",\n \"CVE-2010-2063\",\n \"CVE-2010-2225\",\n \"CVE-2010-2484\",\n \"CVE-2010-2531\"\n );\n script_bugtraq_id(\n 38708, \n 39262, \n 40884, \n 40948, \n 41174, \n 42651, \n 42652, \n 42653, \n 42655\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2010-005)\");\n script_summary(english:\"Check for the presence of Security Update 2010-005\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes security\nissues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6 or 10.5 that\ndoes not have Security Update 2010-005 applied. \n\nThis security update contains fixes for the following products :\n\n - ATS\n - CFNetwork\n - ClamAV\n - CoreGraphics\n - libsecurity\n - PHP\n - Samba\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4312\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Aug/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2010-005 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba chain_reply Memory Corruption (Linux x86)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(1, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^(9\\.[0-8]\\.|10\\.[0-4]\\.)\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2010\\.00[5-9]|201[1-9]\\.[0-9]+)(\\.snowleopard)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2010-005 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-12-02T12:56:09", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2089-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nAugust 6, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-1917 CVE-2010-2225\n\nSeveral remote vulnerabilities have been discovered in PHP 5, an hypertext\npreprocessor. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2010-1917\n\n The fnmatch function can be abused to conduct denial of service\nattacks (by crashing the interpreter) by the means of a stack overflow.\n\nCVE-2010-2225\n\n The SplObjectStorage unserializer allows attackers to execute\narbitrary code via serialized data by the means of a use-after-free\nvulnerability.\n\nMOPS-60\n\n The default sessions serializer does not correctly handle a special\nmarker, which allows an attacker to inject arbitrary variables into the\nsession and possibly exploit vulnerabilities in the unserializer.\n\n\n For the vulnerability described by CVE-2010-1128 (predictable entropy\nfor the Linear Congruential Generator used to generate session ids,) we\ndo not consider upstream's solution to be sufficient. It is recommended\nto uncomment the 'session.entropy_file' and 'session.entropy_length'\nsettings in the php.ini files.\n Further improvements can be achieved by setting 'session.hash_function'\nto 1 (one) and incrementing the value of 'session.entropy_length.'\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny9.\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your php5 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 (stable) alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz\n Size/MD5 checksum: 12173741 b80fcee38363f031229368ceff8ced58\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny9.dsc\n Size/MD5 checksum: 2529 8ccce2ae78389fdf093fc638b9d61152\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny9.diff.gz\n Size/MD5 checksum: 177397 32868c2bc5907ebeae509a5ae9e27fca\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny9_all.deb\n Size/MD5 checksum: 334570 a919de2518302133307c52d8e59841e9\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny9_all.deb\n Size/MD5 checksum: 1082 8eaf906c353774e361210ccce0d3999e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 41628 19ae0c0feab8d955876a89e5b0d886a3\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 5074 1a0c0927f0e33b6e313f4140802c1308\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 5165100 615bd2fa43a8453c302621a424990ab9\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 370150 b100726f251541d3fde1646f62d068d7\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 362780 69cdea9f5d603037c070ebae0bb2c05c\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 57876 e7a3810fe5da3379490dd95547c7f425\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 19678 faabb82e28de4899d0b677d0e7ed489b\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 14058 1167dd05c14b1b26ade0cf1ad7c2dea8\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 17666 fd21ad53aa1a240869cd98d0644a605f\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 5412 108140ca0b6792c2afd0c94765467171\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 39396 6dbab9b2fa5b0aeb6da52b98f9639234\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 37166 cc2606c2763d7c630bd3a7f97a8bb0be\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 8924 b2d3c894080a4d03085721e0d821dcc4\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 2674732 c4770881026df10986f7c9723ac3a34a\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 2599054 fa7d57629c9af820e1ffe3b4ab36daba\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 19517288 b32f680090670cbc49bd4cdff7857477\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 2673724 3a3732a99f85a67c2a62d1fcb997ab43\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 24992 22911a29b2e6ba3d2333203dacba3d87\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 37516 4dc338f1f3f2bcc43bb7c2d548e2d615\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 36656 27b4aca9ec7c347ec2ffb9ef4c2d0ed9\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 12332 53f2fc40287446fffbd6edfc6832273d\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 71706 7c8cf16bcc91916113723a17e8912fd6\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 28194 6066323b0f7b85a2623e9ae3eaf6afe8\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 13802 b86635720c3dc7bf695968e296261b82\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_alpha.deb\n Size/MD5 checksum: 15822 a4207a45a225820405738c0f502ccf52\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 2616106 4b14ac744ae96b82e5939056fa16001f\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 5106 76282dd13365749a15ee08b412c8556c\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 25240 44b448146ecd5c90438c94e1a62ced82\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 16524 a1b22426e0b97c0b66784f05989ec8e1\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 57256 efadb22008ffa9d02f5321aa3aef717f\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 367236 42b16dd4a73e4d0fa4596ee36dfda6bf\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 5434 86a5a4becb738de07a97d910625cccd9\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 39930 bcb4a18d79c3f81fd5f5c47156a23808\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 73584 7dfadb5436c095f1f9330cf4985beb35\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 38092 f74e163a0debdebe531b859b76698f3b\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 5086064 0c52161cd1298fb6869701f6ed19d3ae\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 362684 72f1a22dd9e646a99032b708e6a3e37a\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 2561494 9b5cfaddfbac0af24a0cc283bb301aa8\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 20160 12bd69178a1f888945faef7499f8cb4e\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 14184 b90a4fdee8e9ca8839af9159756f99a3\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 13938 1adc37cb3819c61a2446dd9c0b3e0d8b\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 40924 1b37df19fd1aa79211ee430ea1396b4d\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 9482 08b1badc5d3050a1017907d99bdf63bb\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 37046 348cdfbee7c085cdc369f83d3bb8d967\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 2614982 17d2d8d3955e73e0a3d0f0de434213eb\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 48468 9eaa50e4a51dfffac46b12b256fae61c\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 37880 4983d5235e3a5224f793f2ea4c86dfcd\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 12350 c927db922bc846d01649f009cff90d95\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 28622 48c8c179f978f7e9b677a9764cde1ae2\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 18140 ed3fe99308cfcdbf8daebc38ff599e67\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_amd64.deb\n Size/MD5 checksum: 8301468 21474a1315828c3ace06d112439233ed\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 63772 a8c2bd32cc447bdf1f9246383cc4e611\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 16074 d51dd384d17b8d03727e56962b3ffa99\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 11266 22bd2c8d762fff1fe2932490009f5675\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 12786 fb73af56e8258089d351ac909b8b47c3\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 2447414 7e25f85b7e053b323dd8eb3314b42a09\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 34468 223224b146b958fa478d20772a5c9d68\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 4960 c390692a545494fe499368d78c926ad9\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 13850 cf3888c4f0c895f5f512fea81292d5a0\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 8366 cb9f630707d0dfd2c5bac6ded2f25f96\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 12465380 8dcb09ffd7e0a9156e76a27c4c936b6a\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 4748 c28c0affc40ac898300849bc2bf7ff10\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 2448538 9e6ab5503c33f4640a7e259f314d8a15\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 2439860 4270376fd460e6ffb1b307111f5067be\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 367434 6f59eb01b1fcd0ff8c8994d480435e87\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 4847354 175cb3e69dc592bf358773506695388f\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 34280 24a25663a69b96282ac530e5d9615ae6\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 366362 71aa427569e0a8b4dcbc3a150098ba75\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 34782 25ce6ff37e738b6259994b7031c801ef\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 34026 23430c597a576fba9618b89c262c93e9\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 18026 ff3f1ecf91a7c7b1d53c03ef4c4b141e\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 12484 e7d1984411e143f5b49520129716f983\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 51422 0341bb91ca183dcd1a51077156f45c0b\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 32768 31af24bfb57a43fcbf49c0b07785546a\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 23642 22ee58efff11cee59e5ee4ba201464d3\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_arm.deb\n Size/MD5 checksum: 25366 c7016b43a2a57bbdc82918de6684b18d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 34306 f5cc1babdb4137027066f1264bff0c83\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 2440406 1fc487b008dae6509d57976c5f4785a6\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 14692 19df6653a70759f97fd850d56266295a\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 24428 a179264cb54c60ca195d9d0850548bd6\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 2448362 2290b9b9c41e17c33671a0be474175c6\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 14342 663be5cf345ec1c8bbbf6c19cfcdb7eb\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 4940 356424af2ced96f07fe654d1c3a719e8\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 34464 5047078557a4199e2887452561eb66c1\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 368142 033ce6bbbb4005b84d3a23dd00c60d5d\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 35810 0f939a82228fc1c5c4f38705c6b7fbb8\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 4848050 3a7f29fd99e6af6c33e9bca543969d5f\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 12294 cb8c8ec9fe5848376c8e770f09d04cc7\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 12607514 41de249432840e0289e7070fc81868c1\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 36146 b4d752ec0ee94b872c892bad2ff9b345\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 26410 fbd92798a0c3ae22b60692cc27560cd6\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 366848 62ab60f6a8e9fa6e463e6cec4f24f306\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 18080 67bdd9caeaa5578f7aadcd248b09e366\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 33912 c1b766331d755b3a7a232a6e27e21d40\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 8372 f27fcdb0afa7fd5a4f2fdf99826d4603\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 11288 9eaa3ef2401265eaf66ab64eb51bcb33\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 63816 f35db6c02731ec0e7640e34240b9b151\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 16056 440cbe2b20a990479dcd152750b6c461\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 51048 f8f454632ce7528b34c14d04270d1753\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 4702 1c6261a3b25e56f9131a7a2a9abc2fe1\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_armel.deb\n Size/MD5 checksum: 2449330 5b7ec0c1a05a316e0b6b61aebd7fe739\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 14684 4107baa658d699ac8b3d6c29fe642ad4\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 39146 e4fdbabae6700c010cc94429a4f23633\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 59446 3a9c00abb945196c56e9198ddec2915e\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 40736 9c83e04d0275a8da854861a2e2117d86\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 21302 ed5f63c292dbc21014879b599976b282\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 19982 65063bc952e632522946508de223f322\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 41522 7e62d0a142b717d62d8d74bcb301c592\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 2749142 6cf6d68fc2e97f499563125cbc3d3b6b\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 5602 9b98271708e3d947afb4d087b1074c72\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 40140 cc7e4da9772556545e58957617ff8b28\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 9726 889952ea32cfc1c6529f0fd98899110d\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 366528 59a21e2771986efb7f7d655586177dd2\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 12962 e0b7e567172b715b5b978af7ac2e55da\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 5894 dcc5da115fb1b2c5cffec9884ac274ba\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 16692 6d9ea33540baabe5212f8ab406cfb067\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 2750384 9b1eeac8320f09945cd965078a543561\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 28006 cd1b9e4c49698e78d0f93a686203413c\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 8833058 e42a1159ce016717aa7377ec8a23934d\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 2642592 f3e1202a25992255cad4363bfa9cd229\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 5249566 e4189baf56484c5577d811e5fa0676c7\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 74400 1e6b71e0101dc9bc194205856e61de7d\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 29536 a8a0d3adc972de15f8b286b2631758df\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 39018 fc75e15259443d48307aaa17fcc84d04\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 15672 b02a5856c1451167fc4ecce736ef82c6\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_hppa.deb\n Size/MD5 checksum: 371570 b840e2126eb7b7c428a031bbe60b8183\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 16604 165421c5512333abfae8e8a5fee1b447\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 14198 c3e5074fcaac9f3d7372f4239d62af5d\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 25956 89f136031f10a1f15b0ab12790421a6e\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 4850 07bbbaf1d407e200e6ce7f4b133ef6fc\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 2475048 5e85c16b6675db483cfb0b59e45a21cb\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 34522 fc8dbc78d6527a66c0fe3aa813319f7b\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 8470476 3285b11bfd27f5d1aa12d01b124500d9\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 365604 c6f2527534c6dea0477526737d6609ed\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 12918 78f613284e9af511cc0485d2e2c199c4\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 5152 c9fa77ae126c5d4b41d24e8bf816ef7d\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 2483004 e7b22c8f347dd5243a935a4afddbb13d\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 365698 d9fc659f705efb2e46eead531f419479\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 23772 fe638923a87166d6e993530764ddb6aa\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 52358 49878e6f3ca9206cc1058e9207b5af8c\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 4911488 5fff0da5a2b2b920ebfe649b04abc4f8\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 65740 0179500c70964deaf289d29e53057baf\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 18230 ac60d94255d00087a904362eca45a69d\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 34594 535cbd5182de99b39280af58bc9da12c\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 11596 ff3feb0176adb6d4d016be00db4f8cb1\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 37714 21e05c76ad3b0f45b132066c1f37cdcb\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 2484328 d33d01a809a49fbb1d7cb3b51d9fa9d1\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 8470 41044ed612a9fc3f3369ced7f72bdee9\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 33546 35b873799c2b521f19d031737fad4f5a\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 32396 0a6219a4b66171ab86f392c078e2d358\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 12824 2f234d93c9f56b2f14f5b7056ec6002e\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_i386.deb\n Size/MD5 checksum: 45158 654b8fb181307ffb6e79a14a676e8b04\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 11940 f56a773c0173a693f575aca351c5a84c\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 34392 da80b18762176cca58ce18e55c4cc6b4\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 3381242 3b2e1c74a1c6b32bcf8f86477a2baf92\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 38560 23342896b6c30e2352aa8b5641c6dbfa\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 54676 2d1a675e44a1b33d6d894844679c0cc6\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 365632 210bfcbd0a7360e159a3f8f5f620a159\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 15842 2b9252ffaaed05ec8d01602b96368d7a\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 386602 d2d38bbfee356a9cc2b8a12f0286c6ed\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 50862 a55472c26da6ac5692b809daa78a40a1\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 20526 0e1d66e2471a151f5d02a07896859ad8\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 24692 acc26974a34239e7e644c50bf5f4e04c\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 80446 96e5df4df7f39d96b1bf522d4f67ab9a\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 26712 59c7f281bc886b85b5f957b7535fa83c\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 17629050 10185a6732d75076eb780c388a676509\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 6615202 6ebd16408ec4898bfcbe7c5721754432\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 51732 df29a15a67030aa8a247b86287e36b4b\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 97514 2eed77d9e02155e23f6c9e2a23621f24\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 50640 bfd54533d0ac35caaa20dcadca0c6d82\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 18600 d5b791185d6c6ca81c6fc26d44ab9e09\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 3378882 e60abd3d51bd267ed7b44a1deb3929aa\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 6240 9314f6257b815d83a4a2c72e5528142b\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 54670 3b53c3a0da13faa07d95aa72d90d32e7\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 3327092 2db8224d99618c7187448ea0d2bb5480\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 18192 649de6be45e8d2c456f1182abd165f19\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_ia64.deb\n Size/MD5 checksum: 6552 78669f7952b80cf23552540a9416ca77\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 51172 09956059e918bef55484b6780664b508\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 18438 7f6afe6c159678ed54697e6132852ea3\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 5308 c23c81b923835ac7ca6a7281aef212df\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 35318 78b66653cf3249b698f3d6a5c7b08f7e\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 2521218 0ad8b092c41fd8bfa1cff3de78948b4b\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 32348 c63699d3b70bcb6eab53786f1659b588\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 13314 134cff625725a5b019f4fc5556234e88\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 5006 c1855389860eae9157fce79c09ab4895\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 8282 5061bb2d0b8a348b704e2ecb51a80595\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 2494522 e5e09f8070711d48c25d3fbea985c9ea\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 2519910 98926b04a0c5add10a0af130f694e23d\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 4959038 27cb99f5eddaffdbf40575795339e087\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 35824 356be65760d751d4eec9e02b503860fe\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 9446976 75110aceb53b0038195f5a623a93b9fb\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 25340 dfe70b4e57cf2f431d0e6506385fa87f\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 12932 7a1377c050c6369dbf8d57883fa9f2a5\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 32428 b4e8980b7ff5427c8add817423848262\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 33866 acdb347b41c66c943c1d0c225768c2b9\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 23200 0431ba2a9b037b6608a2b1c6b5c0c405\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 11514 3c8cce6f897367e5e10ba5a5d5779ad4\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 367054 5de7cf4d7a4ab78b677116901aac632a\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 16038 8185e0106b23e9d31cc259cbd2e33fc6\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 365810 a1b7d3a5c84817d68d7558fc1c6cc501\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 12386 2cd2d70bd73f903998528b3de39c639f\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_mips.deb\n Size/MD5 checksum: 63682 aa442c75cf32c584e5b578f857bf1ee6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 25158 fdb1916599a392708c7765444d2115dd\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 4906630 49d52cb154f73c02977e76f7071c6244\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 13208 b6ca75767cad6e248d13a99cf12dce84\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 50834 28486fb446c6e8068f9145856f2758ec\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 2467822 c16b77d6e3f01989c9cf7c3c68c7630f\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 366220 b023d1758d8eef0a4473fb236fb77500\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 8855360 9ca703ce0dd731572830db38d25497ab\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 35660 eb2120315f17c3635216d74b3d64b1f1\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 11434 711b707aa0be1ae8abf1d4abcf2d5135\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 12308 af30cdc0d3b3040a4c92b9d0a03fe800\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 4988 2a1fdd925e860bbce0e00c0cd079e463\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 31796 6c2890fbe7f4b3e2291f963eca4b2475\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 12838 16bb48fcc38a9e1d27d8f8dafff1d8bd\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 18326 190380869e35dace3650f4a2807cc5e0\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 2476942 507ab906c077e3b92fd444f9ebb8cb69\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 8208 22a28c99c272e34673d6b19972497d09\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 33620 c6ac215275b5e2172408cbd944532be3\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 362868 ea437d5ed9e34f242b5f9466415ca111\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 23090 3301fbcc44337a827e4533500c332b25\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 2477720 0984fcdedd6adf1657b4a740dfbb5f75\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 15902 7d1d22095467134c7193632e0834c9eb\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 5266 c7ef77220e7d8bc4f2949a885da68e20\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 32260 dfb159ddffbcb03df885d6816874748a\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 62772 eb1eb9644ae09b972f3970d900bb8486\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_mipsel.deb\n Size/MD5 checksum: 35250 50b2200d08c97d6d57e81553156d46c4\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 372550 a5a05bb07a2cdc403184838f3179bb8a\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 7224 2edb3b2aca3d3b71e6c8fd30d85b7a3f\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 56150 30c94882ac34aa7d53aa56f699bc2208\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 9008162 bb8e445914f07000332b81c7eec71ff7\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 28056 b9fb03d0664b68320fa72b2eabc195c4\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 16952 63b04393eca2ff3f06fde1fa59acd0bb\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 21522 654a6a8a91b81b4b78809380fe8a2000\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 5073728 33e2566bdc5ba476ec2ded43382cad4e\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 38120 ec989764bf4fd802a58b5d4fbc81447e\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 15948 a93b666d3bdb2e1c9340a4a1029b3e9c\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 30952 2350db316d322af7d3e921e68d43288e\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 14128 ba2c881da8f015aa24f065e13667aeac\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 77044 26d35b8329bfe6fd2315a73388016c74\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 2647940 c0f075554478e6efa04207ca74d9c66f\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 2557328 0cab9880531bc74e6e0f173d1195095c\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 41078 282b37a367f5c8f286899eb366555fbb\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 16052 45a91a046d560fed07923e23a8f2a7ad\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 60218 33b7377b9966f9a590acd4f8dfae4f25\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 42776 0a204d572d43885433dd931084838215\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 10980 e16e3c5ef3ccbfdbfc668da85e383fcb\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 7518 85fb24552abc09fb3b54c8375effd873\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 39120 5d9c80ab960392715111bb5409e7ed4f\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 2645764 022572d04b938128dd67ceaf3f61006d\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 365798 6e71313ab7650c37477534439f98c7ec\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 42338 94b4d88f50f42b7ab70d377df14d3382\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_powerpc.deb\n Size/MD5 checksum: 20044 c245dd1905ff8d7747e3d03dc14b9c5b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 20670 af6e2bf667983d3d74e91621c75554e7\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 9057914 018a034d2ade4df80970464be278a183\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 5584 2f74455a9424199b89231db1d83853b4\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 2634150 6cf6666c6b307f142600258d08819d98\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 38330 52b07625c2dd446a6bb19c45fbdc8a37\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 18598 e00810551c51ad4de30ba989a6fd2f5f\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 58256 98020ba72af186747bbd59cce8186443\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 74020 c54e5ab7c226b55caf9ea6618cc2c4b5\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 12356 90ae805f879644efd94957a31f7911bf\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 2697852 12f0cc608c5ba0783ecdcb37558e4bdc\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 13992 f2f1f74384cc8e9afd1affd415cc7117\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 28786 319dc5e81c41cdbeee7d2d5123cede85\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 5230154 7792ee40a1b7807fd0e88f1399619728\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 25182 0133a430f9c7f9d1c776eadb1a72f55c\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 9348 0d7b60c16484c260f2d2a54808f2a45a\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 2699582 077a1e2f5e333237555d269cd19d3ef4\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 37978 54263d7bf00ef71a6e8150d34da757bb\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 39702 c29f4f283bbba41ff6201f03abe0e1b4\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 369484 e69a756e80a02a18838d0e2d7e0b2a9b\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 14182 73a1a1238fc20802c0b530f22f1ede05\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 36312 8107298e75ca659c66dc5e2a0e795f31\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 5292 f346050c0f45fbb4e5a84e8465b904b6\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 366202 839a7f3ac45e504b7f0d88c6f8e8bbb4\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 41988 7c714b27132cdd441584c25a926065da\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_s390.deb\n Size/MD5 checksum: 15522 974a1bf99be95521f02ee2f55b6fd42b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 365822 b1700bb0ccff9e752223ad0171e1c721\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 44368 24ec77e862c9c8992834ede147d2f228\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 11210 647693be7e07d2f407c214722a670dcc\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 2474514 376f1e059b98795261d69228673bb5c9\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 17496 cb8a855e5ca014bac6089f73cec3514b\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 13090 e4c8c487724f48420c8ede979a449a10\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 24316 4f3cf3e74cc954e664753340180fb0c1\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 2475542 a3765cf12406e127baa4c55da1cb76c4\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 35974 2a07a7b21c838c4fb8d3dad11cc2850f\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 4810 7997c3b45ad073f47bbae042d1decbee\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 8389408 0349c888bf049548e31f2737328dea9a\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 8196 05ecbedbd87c2e7d6026af093cc104b5\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 34078 2f59ba82293d3674113782c39520a524\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 16522 49ef4ebba01a0d97b25308a9b02f8ab4\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 49814 e824b2afce8e7949abaa39129e908800\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 33862 03ceae5e67abd67f2239d45e36edd22c\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 4819250 0fcee16252f8deabb7b06d4d04688c1d\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 2426340 deac8f2ba0118b86410f525aa255cbb7\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 13458 4bd736f78983c9693e5ab9bddf08197c\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 32962 7217602b3b0661014379c6b808318892\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 5016 08e3278ab613247032a0b3ec6357597a\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 12322 82b111054d30ebf5b96dd42fdad2b3bb\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 63058 36040ba288c37defcdccf940d3709111\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 24858 db18e0f64545f5c17fbad9194480b37f\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 367326 74ae24882bf8c58a904cf3c8b5372caf\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_sparc.deb\n Size/MD5 checksum: 32882 13ca97d73adbe455c740a1d3cc518e90\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2010-08-06T05:42:32", "type": "debian", "title": "[SECURITY] [DSA-2089-1] New php5 packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1128", "CVE-2010-1917", "CVE-2010-2225"], "modified": "2010-08-06T05:42:32", "id": "DEBIAN:DSA-2089-1:00F1C", "href": "https://lists.debian.org/debian-security-announce/2010/msg00134.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:44", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-240-04.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2010-240-04 php", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-1917"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231068173", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068173", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_240_04.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68173\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2010-1917\", \"CVE-2010-2225\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2010-240-04 php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(11\\.0|12\\.0|12\\.1|12\\.2|13\\.0|13\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-240-04\");\n\n script_tag(name:\"insight\", value:\"New php packages are available for Slackware 11.0 (extra), 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2010-240-04.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:56", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-240-04.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2010-240-04 php ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-1917"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:68173", "href": "http://plugins.openvas.org/nasl.php?oid=68173", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_240_04.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New php packages are available for Slackware 11.0 (extra), 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-240-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-240-04\";\n \nif(description)\n{\n script_id(68173);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2010-1917\", \"CVE-2010-2225\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2010-240-04 php \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.14-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:21", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2010:0919 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870", "CVE-2009-5016", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880633", "href": "http://plugins.openvas.org/nasl.php?oid=880633", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2010:0919 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n An input validation flaw was discovered in the PHP session serializer. If a\n PHP script generated session variable names from untrusted user input, a\n remote attacker could use this flaw to inject an arbitrary variable into\n the PHP session. (CVE-2010-3065)\n \n An information leak flaw was discovered in the PHP var_export() function\n implementation. If some fatal error occurred during the execution of this\n function (such as the exhaustion of memory or script execution time limit),\n part of the function's output was sent to the user as script output,\n possibly leading to the disclosure of sensitive information.\n (CVE-2010-2531)\n \n A numeric truncation error and an input validation flaw were found in the\n way the PHP utf8_decode() function decoded partial multi-byte sequences\n for some multi-byte encodings, sending them to output without them being\n escaped. An attacker could use these flaws to perform a cross-site\n scripting attack. (CVE-2009-5016, CVE-2010-3870)\n \n It was discovered that the PHP lcg_value() function used insufficient\n entropy to seed the pseudo-random number generator. A remote attacker could\n possibly use this flaw to predict values returned by the function, which\n are used to generate session identifiers by default. This update changes\n the function's implementation to use more entropy during seeding.\n (CVE-2010-1128)\n \n It was discovered that the PHP fnmatch() function did not restrict the\n length of the pattern argument. A remote attacker could use this flaw to\n crash the PHP interpreter where a script used fnmatch() on untrusted\n matching patterns. (CVE-2010-1917)\n \n A NULL pointer dereference flaw was discovered in the PHP XML-RPC\n extension. A malicious XML-RPC client or server could use this flaw to\n crash the PHP interpreter via a specially-crafted XML-RPC request.\n (CVE-2010-0397)\n \n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-November/017198.html\");\n script_id(880633);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0919\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_name(\"CentOS Update for php CESA-2010:0919 centos5 i386\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:25", "description": "Oracle Linux Local Security Checks ELSA-2010-0919", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0919", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870", "CVE-2009-5016", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122295", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0919.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122295\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0919\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0919 - php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0919\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0919.html\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~27.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-14T11:48:51", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "openvas", "title": "RedHat Update for php RHSA-2010:0919-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870", "CVE-2009-5016", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:870362", "href": "http://plugins.openvas.org/nasl.php?oid=870362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2010:0919-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n An input validation flaw was discovered in the PHP session serializer. If a\n PHP script generated session variable names from untrusted user input, a\n remote attacker could use this flaw to inject an arbitrary variable into\n the PHP session. (CVE-2010-3065)\n \n An information leak flaw was discovered in the PHP var_export() function\n implementation. If some fatal error occurred during the execution of this\n function (such as the exhaustion of memory or script execution time limit),\n part of the function's output was sent to the user as script output,\n possibly leading to the disclosure of sensitive information.\n (CVE-2010-2531)\n \n A numeric truncation error and an input validation flaw were found in the\n way the PHP utf8_decode() function decoded partial multi-byte sequences\n for some multi-byte encodings, sending them to output without them being\n escaped. An attacker could use these flaws to perform a cross-site\n scripting attack. (CVE-2009-5016, CVE-2010-3870)\n \n It was discovered that the PHP lcg_value() function used insufficient\n entropy to seed the pseudo-random number generator. A remote attacker could\n possibly use this flaw to predict values returned by the function, which\n are used to generate session identifiers by default. This update changes\n the function's implementation to use more entropy during seeding.\n (CVE-2010-1128)\n \n It was discovered that the PHP fnmatch() function did not restrict the\n length of the pattern argument. A remote attacker could use this flaw to\n crash the PHP interpreter where a script used fnmatch() on untrusted\n matching patterns. (CVE-2010-1917)\n \n A NULL pointer dereference flaw was discovered in the PHP XML-RPC\n extension. A malicious XML-RPC client or server could use this flaw to\n crash the PHP interpreter via a specially-crafted XML-RPC request.\n (CVE-2010-0397)\n \n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"php on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-November/msg00035.html\");\n script_id(870362);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 08:26:35 +0100 (Thu, 09 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0919-01\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_name(\"RedHat Update for php RHSA-2010:0919-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:40", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "openvas", "title": "RedHat Update for php RHSA-2010:0919-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870", "CVE-2009-5016", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:1361412562310870362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2010:0919-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n An input validation flaw was discovered in the PHP session serializer. If a\n PHP script generated session variable names from untrusted user input, a\n remote attacker could use this flaw to inject an arbitrary variable into\n the PHP session. (CVE-2010-3065)\n \n An information leak flaw was discovered in the PHP var_export() function\n implementation. If some fatal error occurred during the execution of this\n function (such as the exhaustion of memory or script execution time limit),\n part of the function's output was sent to the user as script output,\n possibly leading to the disclosure of sensitive information.\n (CVE-2010-2531)\n \n A numeric truncation error and an input validation flaw were found in the\n way the PHP utf8_decode() function decoded partial multi-byte sequences\n for some multi-byte encodings, sending them to output without them being\n escaped. An attacker could use these flaws to perform a cross-site\n scripting attack. (CVE-2009-5016, CVE-2010-3870)\n \n It was discovered that the PHP lcg_value() function used insufficient\n entropy to seed the pseudo-random number generator. A remote attacker could\n possibly use this flaw to predict values returned by the function, which\n are used to generate session identifiers by default. This update changes\n the function's implementation to use more entropy during seeding.\n (CVE-2010-1128)\n \n It was discovered that the PHP fnmatch() function did not restrict the\n length of the pattern argument. A remote attacker could use this flaw to\n crash the PHP interpreter where a script used fnmatch() on untrusted\n matching patterns. (CVE-2010-1917)\n \n A NULL pointer dereference flaw was discovered in the PHP XML-RPC\n extension. A malicious XML-RPC client or server could use this flaw to\n crash the PHP interpreter via a specially-crafted XML-RPC request.\n (CVE-2010-0397)\n \n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"php on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-November/msg00035.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870362\");\n script_version(\"$Revision: 8244 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 08:26:35 +0100 (Thu, 09 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0919-01\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_name(\"RedHat Update for php RHSA-2010:0919-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~27.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.31\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:54:47", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2010:0919 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870", "CVE-2009-5016", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:1361412562310880456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2010:0919 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n An input validation flaw was discovered in the PHP session serializer. If a\n PHP script generated session variable names from untrusted user input, a\n remote attacker could use this flaw to inject an arbitrary variable into\n the PHP session. (CVE-2010-3065)\n \n An information leak flaw was discovered in the PHP var_export() function\n implementation. If some fatal error occurred during the execution of this\n function (such as the exhaustion of memory or script execution time limit),\n part of the function's output was sent to the user as script output,\n possibly leading to the disclosure of sensitive information.\n (CVE-2010-2531)\n \n A numeric truncation error and an input validation flaw were found in the\n way the PHP utf8_decode() function decoded partial multi-byte sequences\n for some multi-byte encodings, sending them to output without them being\n escaped. An attacker could use these flaws to perform a cross-site\n scripting attack. (CVE-2009-5016, CVE-2010-3870)\n \n It was discovered that the PHP lcg_value() function used insufficient\n entropy to seed the pseudo-random number generator. A remote attacker could\n possibly use this flaw to predict values returned by the function, which\n are used to generate session identifiers by default. This update changes\n the function's implementation to use more entropy during seeding.\n (CVE-2010-1128)\n \n It was discovered that the PHP fnmatch() function did not restrict the\n length of the pattern argument. A remote attacker could use this flaw to\n crash the PHP interpreter where a script used fnmatch() on untrusted\n matching patterns. (CVE-2010-1917)\n \n A NULL pointer dereference flaw was discovered in the PHP XML-RPC\n extension. A malicious XML-RPC client or server could use this flaw to\n crash the PHP interpreter via a specially-crafted XML-RPC request.\n (CVE-2010-0397)\n \n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-December/017205.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880456\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 08:26:35 +0100 (Thu, 09 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0919\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_name(\"CentOS Update for php CESA-2010:0919 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2010:0919 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870", "CVE-2009-5016", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880633", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880633", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2010:0919 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-November/017198.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880633\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0919\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_name(\"CentOS Update for php CESA-2010:0919 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"php on CentOS 5\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n An input validation flaw was discovered in the PHP session serializer. If a\n PHP script generated session variable names from untrusted user input, a\n remote attacker could use this flaw to inject an arbitrary variable into\n the PHP session. (CVE-2010-3065)\n\n An information leak flaw was discovered in the PHP var_export() function\n implementation. If some fatal error occurred during the execution of this\n function (such as the exhaustion of memory or script execution time limit),\n part of the function's output was sent to the user as script output,\n possibly leading to the disclosure of sensitive information.\n (CVE-2010-2531)\n\n A numeric truncation error and an input validation flaw were found in the\n way the PHP utf8_decode() function decoded partial multi-byte sequences\n for some multi-byte encodings, sending them to output without them being\n escaped. An attacker could use these flaws to perform a cross-site\n scripting attack. (CVE-2009-5016, CVE-2010-3870)\n\n It was discovered that the PHP lcg_value() function used insufficient\n entropy to seed the pseudo-random number generator. A remote attacker could\n possibly use this flaw to predict values returned by the function, which\n are used to generate session identifiers by default. This update changes\n the function's implementation to use more entropy during seeding.\n (CVE-2010-1128)\n\n It was discovered that the PHP fnmatch() function did not restrict the\n length of the pattern argument. A remote attacker could use this flaw to\n crash the PHP interpreter where a script used fnmatch() on untrusted\n matching patterns. (CVE-2010-1917)\n\n A NULL pointer dereference flaw was discovered in the PHP XML-RPC\n extension. A malicious XML-RPC client or server could use this flaw to\n crash the PHP interpreter via a specially-crafted XML-RPC request.\n (CVE-2010-0397)\n\n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~27.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-15T11:58:07", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-12-09T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2010:0919 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2531", "CVE-2010-3065", "CVE-2010-3870", "CVE-2009-5016", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:880456", "href": "http://plugins.openvas.org/nasl.php?oid=880456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2010:0919 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n An input validation flaw was discovered in the PHP session serializer. If a\n PHP script generated session variable names from untrusted user input, a\n remote attacker could use this flaw to inject an arbitrary variable into\n the PHP session. (CVE-2010-3065)\n \n An information leak flaw was discovered in the PHP var_export() function\n implementation. If some fatal error occurred during the execution of this\n function (such as the exhaustion of memory or script execution time limit),\n part of the function's output was sent to the user as script output,\n possibly leading to the disclosure of sensitive information.\n (CVE-2010-2531)\n \n A numeric truncation error and an input validation flaw were found in the\n way the PHP utf8_decode() function decoded partial multi-byte sequences\n for some multi-byte encodings, sending them to output without them being\n escaped. An attacker could use these flaws to perform a cross-site\n scripting attack. (CVE-2009-5016, CVE-2010-3870)\n \n It was discovered that the PHP lcg_value() function used insufficient\n entropy to seed the pseudo-random number generator. A remote attacker could\n possibly use this flaw to predict values returned by the function, which\n are used to generate session identifiers by default. This update changes\n the function's implementation to use more entropy during seeding.\n (CVE-2010-1128)\n \n It was discovered that the PHP fnmatch() function did not restrict the\n length of the pattern argument. A remote attacker could use this flaw to\n crash the PHP interpreter where a script used fnmatch() on untrusted\n matching patterns. (CVE-2010-1917)\n \n A NULL pointer dereference flaw was discovered in the PHP XML-RPC\n extension. A malicious XML-RPC client or server could use this flaw to\n crash the PHP interpreter via a specially-crafted XML-RPC request.\n (CVE-2010-0397)\n \n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-December/017205.html\");\n script_id(880456);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 08:26:35 +0100 (Thu, 09 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0919\");\n script_cve_id(\"CVE-2009-5016\", \"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1917\", \"CVE-2010-2531\", \"CVE-2010-3065\", \"CVE-2010-3870\");\n script_name(\"CentOS Update for php CESA-2010:0919 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.31\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:21", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-989-1", "cvss3": {}, "published": "2010-09-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 vulnerabilities USN-989-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1129", "CVE-2010-2225", "CVE-2010-1868", "CVE-2010-2531", "CVE-2010-3065", "CVE-2010-1866", "CVE-2010-2094", "CVE-2010-1130", "CVE-2010-2950", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:1361412562310840501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840501", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_989_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n#\n# Ubuntu Update for php5 vulnerabilities USN-989-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc\n requests. An attacker could exploit this issue to cause the PHP server to\n crash, resulting in a denial of service. This issue only affected Ubuntu\n 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)\n\n It was discovered that the pseudorandom number generator in PHP did not\n provide the expected entropy. An attacker could exploit this issue to\n predict values that were intended to be random, such as session cookies.\n This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10.\n (CVE-2010-1128)\n \n It was discovered that PHP did not properly handle directory pathnames that\n lacked a trailing slash character. An attacker could exploit this issue to\n bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS,\n 8.04 LTS, 9.04 and 9.10. (CVE-2010-1129)\n \n Grzegorz Stachowiak discovered that the PHP session extension did not\n properly handle semicolon characters. An attacker could exploit this issue\n to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS,\n 9.04 and 9.10. (CVE-2010-1130)\n \n Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked\n encoding streams. An attacker could exploit this issue to cause the PHP\n server to crash and possibly execute arbitrary code with application\n privileges. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-1866)\n \n Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly\n handled empty SQL queries. An attacker could exploit this issue to possibly\n execute arbitrary code with application privileges. (CVE-2010-1868)\n \n Mateusz Kocielski discovered that PHP incorrectly handled certain arguments\n to the fnmatch function. An attacker could exploit this flaw and cause the\n PHP server to consume all available stack memory, resulting in a denial of\n service. (CVE-2010-1917)\n \n Stefan Esser discovered that PHP incorrectly handled certain strings in the\n phar extension. An attacker could exploit this flaw to possibly view\n sensitive information. This issue only affected Ubuntu 10.04 LTS.\n (CVE-2010-2094, CVE-2010-2950)\n \n Stefan Esser discovered that PHP incorrectly handled deserialization of\n SPLObjectStorage objects. A remote attacker could exploit this issue to\n view sensitive information and possibly execute arbitrary code with\n application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04,\n 9.10 and 10.04 LTS. (CVE-2010-2225)\n \n It was discovered that PHP incorrectly filtered ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-989-1\";\ntag_affected = \"php5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-989-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840501\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"989-1\");\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1917\", \"CVE-2010-2094\", \"CVE-2010-2225\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3065\");\n script_name(\"Ubuntu Update for php5 vulnerabilities USN-989-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:43", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-989-1", "cvss3": {}, "published": "2010-09-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 vulnerabilities USN-989-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1129", "CVE-2010-2225", "CVE-2010-1868", "CVE-2010-2531", "CVE-2010-3065", "CVE-2010-1866", "CVE-2010-2094", "CVE-2010-1130", "CVE-2010-2950", "CVE-2010-1917", "CVE-2010-1128", "CVE-2010-0397"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840501", "href": "http://plugins.openvas.org/nasl.php?oid=840501", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_989_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for php5 vulnerabilities USN-989-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc\n requests. An attacker could exploit this issue to cause the PHP server to\n crash, resulting in a denial of service. This issue only affected Ubuntu\n 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)\n\n It was discovered that the pseudorandom number generator in PHP did not\n provide the expected entropy. An attacker could exploit this issue to\n predict values that were intended to be random, such as session cookies.\n This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10.\n (CVE-2010-1128)\n \n It was discovered that PHP did not properly handle directory pathnames that\n lacked a trailing slash character. An attacker could exploit this issue to\n bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS,\n 8.04 LTS, 9.04 and 9.10. (CVE-2010-1129)\n \n Grzegorz Stachowiak discovered that the PHP session extension did not\n properly handle semicolon characters. An attacker could exploit this issue\n to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS,\n 9.04 and 9.10. (CVE-2010-1130)\n \n Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked\n encoding streams. An attacker could exploit this issue to cause the PHP\n server to crash and possibly execute arbitrary code with application\n privileges. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-1866)\n \n Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly\n handled empty SQL queries. An attacker could exploit this issue to possibly\n execute arbitrary code with application privileges. (CVE-2010-1868)\n \n Mateusz Kocielski discovered that PHP incorrectly handled certain arguments\n to the fnmatch function. An attacker could exploit this flaw and cause the\n PHP server to consume all available stack memory, resulting in a denial of\n service. (CVE-2010-1917)\n \n Stefan Esser discovered that PHP incorrectly handled certain strings in the\n phar extension. An attacker could exploit this flaw to possibly view\n sensitive information. This issue only affected Ubuntu 10.04 LTS.\n (CVE-2010-2094, CVE-2010-2950)\n \n Stefan Esser discovered that PHP incorrectly handled deserialization of\n SPLObjectStorage objects. A remote attacker could exploit this issue to\n view sensitive information and possibly execute arbitrary code with\n application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04,\n 9.10 and 10.04 LTS. (CVE-2010-2225)\n \n It was discovered that PHP incorrectly filtered ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-989-1\";\ntag_affected = \"php5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-989-1/\");\n script_id(840501);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"989-1\");\n script_cve_id(\"CVE-2010-0397\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1917\", \"CVE-2010-2094\", \"CVE-2010-2225\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3065\");\n script_name(\"Ubuntu Update for php5 vulnerabilities USN-989-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.19\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.6.dfsg.1-3ubuntu4.6\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:12", "description": "PHP is prone to a vulnerability that an attacker could exploit to\n execute arbitrary code with the privileges of the user running the\n affected application.", "cvss3": {}, "published": "2010-06-21T00:00:00", "type": "openvas", "title": "PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225"], "modified": "2018-07-09T00:00:00", "id": "OPENVAS:1361412562310100684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100684", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_40948.nasl 10459 2018-07-09 07:41:24Z cfischer $\n#\n# PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100684\");\n script_version(\"$Revision: 10459 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:41:24 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-21 20:36:15 +0200 (Mon, 21 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2225\");\n script_bugtraq_id(40948);\n script_name(\"PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/40948\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=605641\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n\n script_tag(name:\"impact\", value:\"Successful exploits will compromise the application and possibly\n the computer.\");\n\n script_tag(name:\"affected\", value:\"PHP 5 through 5.3.2 are vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for details.\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to a vulnerability that an attacker could exploit to\n execute arbitrary code with the privileges of the user running the\n affected application.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"5\", test_version2:\"5.3.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.3.3\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-12T11:10:39", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2010-11481", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-12T00:00:00", "id": "OPENVAS:862349", "href": "http://plugins.openvas.org/nasl.php?oid=862349", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2010-11481\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 13\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046022.html\");\n script_id(862349);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11481\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2010-11481\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:08", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2010-11428", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:1361412562310862343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2010-11428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 12\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging "story mode", LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046048.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862343\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11428\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for maniadrive FEDORA-2010-11428\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~22.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:46", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2010-11428", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:1361412562310862347", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862347", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2010-11428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 12\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046047.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862347\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11428\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2010-11428\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:53:59", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2010-11481", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310862349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862349", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2010-11481\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 13\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046022.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862349\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11481\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2010-11481\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:47", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2010-11481", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:862346", "href": "http://plugins.openvas.org/nasl.php?oid=862346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2010-11481\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 13\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging "story mode", LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046023.html\");\n script_id(862346);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11481\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for maniadrive FEDORA-2010-11481\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~22.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:49:03", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2010-11428", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:862345", "href": "http://plugins.openvas.org/nasl.php?oid=862345", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2010-11428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046046.html\");\n script_id(862345);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11428\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php FEDORA-2010-11428\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:57:57", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2010-11481", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:862351", "href": "http://plugins.openvas.org/nasl.php?oid=862351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2010-11481\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046021.html\");\n script_id(862351);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11481\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php FEDORA-2010-11481\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:35", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2010-11481", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:1361412562310862346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2010-11481\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 13\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging "story mode", LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046023.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862346\");\n script_version(\"$Revision: 8254 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 08:29:05 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11481\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for maniadrive FEDORA-2010-11481\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~22.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:04:59", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2010-11481", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:1361412562310862351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2010-11481\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862351\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11481\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php FEDORA-2010-11481\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:57", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2010-11428", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:1361412562310862345", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862345", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2010-11428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046046.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862345\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11428\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php FEDORA-2010-11428\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:58:27", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2010-11428", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:862347", "href": "http://plugins.openvas.org/nasl.php?oid=862347", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2010-11428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 12\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator & Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046047.html\");\n script_id(862347);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11428\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2010-11428\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:57:49", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2010-11428", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-1915", "CVE-2010-2190", "CVE-2010-1914", "CVE-2010-1917", "CVE-2010-0397"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:862343", "href": "http://plugins.openvas.org/nasl.php?oid=862343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2010-11428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 12\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging "story mode", LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046048.html\");\n script_id(862343);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11428\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\", \"CVE-2010-2190\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\");\n script_name(\"Fedora Update for maniadrive FEDORA-2010-11428\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~22.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:13", "description": "The remote web server has installed a PHP Version which is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2010-02-27T00:00:00", "type": "openvas", "title": "PHP < 5.2.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1129", "CVE-2010-1128"], "modified": "2019-03-01T00:00:00", "id": "OPENVAS:1361412562310100511", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100511", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: php_5_2_13.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# PHP < 5.2.13 Multiple Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100511\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-27 19:39:22 +0100 (Sat, 27 Feb 2010)\");\n script_bugtraq_id(38182, 38431, 38430);\n script_cve_id(\"CVE-2010-1128\", \"CVE-2010-1129\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PHP < 5.2.13 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/38182\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/38431\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/38430\");\n script_xref(name:\"URL\", value:\"http://securityreason.com/achievement_securityalert/82\");\n script_xref(name:\"URL\", value:\"http://www.php.net/releases/5_2_13.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n script_xref(name:\"URL\", value:\"http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272\");\n script_xref(name:\"URL\", value:\"http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=293036&r2=294272\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.2.13 are affected.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities exist due to:\n\n 1. A 'safe_mode' restriction-bypass vulnerability. Successful exploits\n could allow an attacker to write session files in arbitrary directions.\n\n 2. A 'safe_mode' restriction-bypass vulnerability. Successful exploits\n could allow an attacker to access files in unauthorized locations or\n create files in any writable directory.\n\n 3. An unspecified security vulnerability that affects LCG entropy.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for details.\");\n\n script_tag(name:\"summary\", value:\"The remote web server has installed a PHP Version which is prone to\n Multiple Vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.13\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.13\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-18T10:58:08", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2010:140 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-0397"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:831114", "href": "http://plugins.openvas.org/nasl.php?oid=831114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2010:140 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a maintenance and security update that upgrades php to 5.3.3\n for 2010.0/2010.1.\n\n Security Enhancements and Fixes in PHP 5.3.3:\n \n * Rewrote var_export() to use smart_str rather than output buffering,\n prevents data disclosure if a fatal error occurs (CVE-2010-2531).\n * Fixed a possible resource destruction issues in shm_put_var().\n * Fixed a possible information leak because of interruption of\n XOR operator.\n * Fixed a possible memory corruption because of unexpected call-time\n pass by references and following memory clobbering through callbacks.\n * Fixed a possible memory corruption in ArrayObject::uasort().\n * Fixed a possible memory corruption in parse_str().\n * Fixed a possible memory corruption in pack().\n * Fixed a possible memory corruption in substr_replace().\n * Fixed a possible memory corruption in addcslashes().\n * Fixed a possible stack exhaustion inside fnmatch().\n * Fixed a possible dechunking filter buffer overflow.\n * Fixed a possible arbitrary memory access inside sqlite extension.\n * Fixed string format validation inside phar extension.\n * Fixed handling of session variable serialization on certain prefix\n characters.\n * Fixed a NULL pointer dereference when processing invalid XML-RPC\n requests (Fixes CVE-2010-0397, bug #51288).\n * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).\n * Fixed possible buffer overflows in mysqlnd_list_fields,\n mysqlnd_change_user.\n * Fixed possible buffer overflows when handling error packets\n in mysqlnd.\n \n Additionally some of the third party extensions and required\n dependencies has been upgraded and/or rebuilt for the new php version.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-07/msg00022.php\");\n script_id(831114);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:140\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\");\n script_name(\"Mandriva Update for php MDVSA-2010:140 (php)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmbfl1\", rpm:\"libmbfl1~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmbfl-devel\", rpm:\"libmbfl-devel~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.3p1~2.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.3p1~2.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~6.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~10.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~20.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~18.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~3.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~30.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.3.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~28.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.1~0.20090208.4.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2010.9~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~10.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~9.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmbfl\", rpm:\"libmbfl~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mbfl1\", rpm:\"lib64mbfl1~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mbfl-devel\", rpm:\"lib64mbfl-devel~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:28", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2010:140 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2531", "CVE-2010-0397"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:1361412562310831114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2010:140 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a maintenance and security update that upgrades php to 5.3.3\n for 2010.0/2010.1.\n\n Security Enhancements and Fixes in PHP 5.3.3:\n \n * Rewrote var_export() to use smart_str rather than output buffering,\n prevents data disclosure if a fatal error occurs (CVE-2010-2531).\n * Fixed a possible resource destruction issues in shm_put_var().\n * Fixed a possible information leak because of interruption of\n XOR operator.\n * Fixed a possible memory corruption because of unexpected call-time\n pass by references and following memory clobbering through callbacks.\n * Fixed a possible memory corruption in ArrayObject::uasort().\n * Fixed a possible memory corruption in parse_str().\n * Fixed a possible memory corruption in pack().\n * Fixed a possible memory corruption in substr_replace().\n * Fixed a possible memory corruption in addcslashes().\n * Fixed a possible stack exhaustion inside fnmatch().\n * Fixed a possible dechunking filter buffer overflow.\n * Fixed a possible arbitrary memory access inside sqlite extension.\n * Fixed string format validation inside phar extension.\n * Fixed handling of session variable serialization on certain prefix\n characters.\n * Fixed a NULL pointer dereference when processing invalid XML-RPC\n requests (Fixes CVE-2010-0397, bug #51288).\n * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).\n * Fixed possible buffer overflows in mysqlnd_list_fields,\n mysqlnd_change_user.\n * Fixed possible buffer overflows when handling error packets\n in mysqlnd.\n \n Additionally some of the third party extensions and required\n dependencies has been upgraded and/or rebuilt for the new php version.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-07/msg00022.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831114\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:140\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-0397\", \"CVE-2010-2225\");\n script_name(\"Mandriva Update for php MDVSA-2010:140 (php)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmbfl1\", rpm:\"libmbfl1~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmbfl-devel\", rpm:\"libmbfl-devel~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.3p1~2.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.3p1~2.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~6.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~10.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~20.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~18.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~3.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~30.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.3.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~28.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.1~0.20090208.4.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~1.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2010.9~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~10.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~9.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmbfl\", rpm:\"libmbfl~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mbfl1\", rpm:\"lib64mbfl1~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mbfl-devel\", rpm:\"lib64mbfl-devel~1.1.0~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:33", "description": "Check for the Version of mandriva-release", "cvss3": {}, "published": "2010-02-15T00:00:00", "type": "openvas", "title": "Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1129", "CVE-2010-1130", "CVE-2010-1128"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:830876", "href": "http://plugins.openvas.org/nasl.php?oid=830876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mandriva-release on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Update for mandriva-release for 5.1 release of Mandriva Enterprise\n Server 5.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00016.php\");\n script_id(830876);\n script_version(\"$Revision: 8205 $\");\n script_cve_id(\"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:058\");\n script_name(\"Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mandriva-release\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-common\", rpm:\"mandriva-release-common~2009.0~13.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Server\", rpm:\"mandriva-release-Server~2009.0~13.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release\", rpm:\"mandriva-release~2009.0~13.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:04:39", "description": "Check for the Version of mandriva-release", "cvss3": {}, "published": "2010-02-15T00:00:00", "type": "openvas", "title": "Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1129", "CVE-2010-1130", "CVE-2010-1128"], "modified": "2018-01-18T00:00:00", "id": "OPENVAS:1361412562310830876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mandriva-release on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Update for mandriva-release for 5.1 release of Mandriva Enterprise\n Server 5.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00016.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830876\");\n script_version(\"$Revision: 8457 $\");\n script_cve_id(\"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:058\");\n script_name(\"Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mandriva-release\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-common\", rpm:\"mandriva-release-common~2009.0~13.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Server\", rpm:\"mandriva-release-Server~2009.0~13.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release\", rpm:\"mandriva-release~2009.0~13.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:32:03", "description": "PHP version smaller than 5.3.3 suffers from multiple vulnerabilities.", "cvss3": {}, "published": "2012-06-21T00:00:00", "type": "openvas", "title": "PHP Version < 5.3.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2097", "CVE-2010-2531", "CVE-2010-3065", "CVE-2010-2191", "CVE-2007-1581", "CVE-2010-2190", "CVE-2010-3063", "CVE-2010-2101", "CVE-2010-3062", "CVE-2010-1860", "CVE-2010-3064", "CVE-2010-2100", "CVE-2010-1917", "CVE-2010-1864", "CVE-2010-1862", "CVE-2010-0397"], "modified": "2018-07-09T00:00:00", "id": "OPENVAS:1361412562310110182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110182", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_3_3.nasl 10460 2018-07-09 07:50:03Z cfischer $\n#\n# PHP Version < 5.3.3 Multiple Vulnerabilities\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110182\");\n script_version(\"$Revision: 10460 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:50:03 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2007-1581\", \"CVE-2010-0397\", \"CVE-2010-1860\", \"CVE-2010-1862\",\n \"CVE-2010-1864\", \"CVE-2010-1917\", \"CVE-2010-2097\", \"CVE-2010-2100\",\n \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\",\n \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-3062\", \"CVE-2010-3063\",\n \"CVE-2010-3064\", \"CVE-2010-3065\");\n script_bugtraq_id(38708, 40461, 40948, 41991);\n script_name(\"PHP Version < 5.3.3 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"solution\", value:\"Update PHP to version 5.3.3 or later.\");\n\n script_tag(name:\"summary\", value:\"PHP version smaller than 5.3.3 suffers from multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.3.3\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-23T13:06:06", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2010:139 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-0397"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:1361412562310831115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831115", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2010:139 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a maintenance and security update that upgrades php to 5.2.14\n for CS4/MES5/2008.0/2009.0/2009.1.\n\n Security Enhancements and Fixes in PHP 5.2.14:\n \n * Rewrote var_export() to use smart_str rather than output buffering,\n prevents data disclosure if a fatal error occurs (CVE-2010-2531).\n * Fixed a possible interruption array leak in\n strrchr().(CVE-2010-2484)\n * Fixed a possible interruption array leak in strchr(), strstr(),\n substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),\n trim().\n * Fixed a possible memory corruption in substr_replace().\n * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).\n * Fixed a possible stack exaustion inside fnmatch().\n * Fixed a NULL pointer dereference when processing invalid XML-RPC\n requests (Fixes CVE-2010-0397, bug #51288).\n * Fixed handling of session variable serialization on certain prefix\n characters.\n * Fixed a possible arbitrary memory access inside sqlite\n extension. Reported by Mateusz Kocielski.\n \n Additionally some of the third party extensions has been upgraded\n and/or rebuilt for the new php version.\n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-07/msg00021.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831115\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:139\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-2225\", \"CVE-2010-0397\");\n script_name(\"Mandriva Update for php MDVSA-2010:139 (php)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbx\", rpm:\"php-dbx~1.1.0~17.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.1~16.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~0.1~17.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~1.0.4~7.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~7.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~18.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~17.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.0~0.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.0~18.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2010.9~0.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.0~18.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.0.5~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-yp\", rpm:\"php-yp~5.2.3~4.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.3p1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.3p1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbx\", rpm:\"php-dbx~1.1.0~22.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.1~21.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~3.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~1.0.4~12.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~13.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~11.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~23.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha1.1.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~21.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.0~1.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.4~6.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~3.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~2.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.0.5~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.3p1~0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.3p1~0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbx\", rpm:\"php-dbx~1.1.0~26.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~3.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~7.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~1.0.4~15.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~17.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~15.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~27.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha1.5.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~25.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.0~2.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.4~10.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~7.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~6.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.0.5~0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.3p1~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.3p1~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbx\", rpm:\"php-dbx~1.1.0~22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.1~21.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~1.0.4~12.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~13.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~23.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha1.1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~21.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.0~1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.4~6.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.0.5~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.14~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:59", "description": "Check for the Version of php", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2010:139 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-0397"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:831115", "href": "http://plugins.openvas.org/nasl.php?oid=831115", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2010:139 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a maintenance and security update that upgrades php to 5.2.14\n for CS4/MES5/2008.0/2009.0/2009.1.\n\n Security Enhancements and Fixes in PHP 5.2.14:\n \n * Rewrote var_export() to use smart_str rather than output buffering,\n prevents data disclosure if a fatal error occurs (CVE-2010-2531).\n * Fixed a possible interruption array leak in\n strrchr().(CVE-2010-2484)\n * Fixed a possible interruption array leak in strchr(), strstr(),\n substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),\n trim().\n * Fixed a possible memory corruption in substr_replace().\n * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).\n * Fixed a possible stack exaustion inside fnmatch().\n * Fixed a NULL pointer dereference when processing invalid XML-RPC\n requests (Fixes CVE-2010-0397, bug #51288).\n * Fixed handling of session variable serialization on certain prefix\n characters.\n * Fixed a possible arbitrary memory access inside sqlite\n extension. Reported by Mateusz Kocielski.\n \n Additionally some of the third party extensions has been upgraded\n and/or rebuilt for the new php version.\n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-07/msg00021.php\");\n script_id(831115);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:139\");\n script_cve_id(\"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-2225\", \"CVE-2010-0397\");\n script_name(\"Mandriva Update for php MDVSA-2010:139 (php)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbx\", rpm:\"php-dbx~1.1.0~17.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.1~16.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~0.1~17.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~1.0.4~7.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~7.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~18.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~17.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.14~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n
php5 - several vulnerabilities
