CVE-2006-7228 - Numeric Errors vulnerability in Pcre

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12013.NASL
    description: Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2005-2491, CVE-2006-7228)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41173
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41173
    title: SuSE9 Security Update : Python (YOU Patch Number 12013)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41173);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2005-2491", "CVE-2006-7228");
    
      script_name(english:"SuSE9 Security Update : Python (YOU Patch Number 12013)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Python contains a copy of the pcre library. Specially crafted regular
    expressions could lead to a buffer overflow in the pcre library.
    Applications using pcre to process regular expressions from untrusted
    sources could therefore potentially be exploited by attackers to
    execute arbitrary code. (CVE-2005-2491, CVE-2006-7228)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2005-2491/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7228.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12013.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"python-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-curses-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-demo-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-devel-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-doc-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-doc-pdf-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-gdbm-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-idle-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-mpz-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-tk-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-xml-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"python-32bit-9-200712110030")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12000.NASL
    description: Apache2 contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2006-7224, CVE-2007-1660)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41170
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41170
    title: SuSE9 Security Update : Apache 2 (YOU Patch Number 12000)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41170);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2005-4872", "CVE-2006-7227", "CVE-2006-7228", "CVE-2007-1660");
    
      script_name(english:"SuSE9 Security Update : Apache 2 (YOU Patch Number 12000)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Apache2 contains a copy of the pcre library. Specially crafted regular
    expressions could lead to a buffer overflow in the pcre library.
    Applications using pcre to process regular expressions from untrusted
    sources could therefore potentially be exploited by attackers to
    execute arbitrary code. (CVE-2006-7224, CVE-2007-1660)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7224.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-1660.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12000.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"apache2-2.0.59-1.6")) flag++;
    if (rpm_check(release:"SUSE9", reference:"apache2-devel-2.0.59-1.6")) flag++;
    if (rpm_check(release:"SUSE9", reference:"apache2-doc-2.0.59-1.6")) flag++;
    if (rpm_check(release:"SUSE9", reference:"apache2-example-pages-2.0.59-1.6")) flag++;
    if (rpm_check(release:"SUSE9", reference:"apache2-prefork-2.0.59-1.6")) flag++;
    if (rpm_check(release:"SUSE9", reference:"apache2-worker-2.0.59-1.6")) flag++;
    if (rpm_check(release:"SUSE9", reference:"libapr0-2.0.59-1.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-1068.NASL
    description: From Red Hat Security Advisory 2007:1068 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67613
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67613
    title: Oracle Linux 4 : pcre (ELSA-2007-1068)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:1068 and 
    # Oracle Linux Security Advisory ELSA-2007-1068 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67613);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659");
      script_bugtraq_id(26462, 26550, 26725);
      script_xref(name:"RHSA", value:"2007:1068");
    
      script_name(english:"Oracle Linux 4 : pcre (ELSA-2007-1068)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:1068 :
    
    Updated pcre packages that resolve several security issues are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    PCRE is a Perl-compatible regular expression library.
    
    Flaws were discovered in the way PCRE handles certain malformed
    regular expressions. If an application linked against PCRE, such as
    Konqueror, parses a malicious regular expression, it may have been
    possible to run arbitrary code as the user running the application.
    (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230,
    CVE-2007-1659)
    
    Users of PCRE are advised to upgrade to these updated packages, which
    contain backported patches to resolve these issues.
    
    Red Hat would like to thank Ludwig Nussel for reporting these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000422.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected pcre packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"pcre-4.5-4.el4_6.6")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"pcre-4.5-4.el4_6.6")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"pcre-devel-4.5-4.el4_6.6")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"pcre-devel-4.5-4.el4_6.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre / pcre-devel");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-1076.NASL
    description: From Red Hat Security Advisory 2007:1076 : Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67614
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67614
    title: Oracle Linux 3 / 4 : python (ELSA-2007-1076)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:1076 and 
    # Oracle Linux Security Advisory ELSA-2007-1076 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67614);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4965");
      script_bugtraq_id(25696, 26462);
      script_xref(name:"RHSA", value:"2007:1076");
    
      script_name(english:"Oracle Linux 3 / 4 : python (ELSA-2007-1076)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:1076 :
    
    Updated python packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    An integer overflow flaw was discovered in the way Python's pcre
    module handled certain regular expressions. If a Python application
    used the pcre module to compile and execute untrusted regular
    expressions, it may be possible to cause the application to crash, or
    allow arbitrary code execution with the privileges of the Python
    interpreter. (CVE-2006-7228)
    
    A flaw was discovered in the strxfrm() function of Python's locale
    module. Strings generated by this function were not properly
    NULL-terminated. This may possibly cause disclosure of data stored in
    the memory of a Python application using this function.
    (CVE-2007-2052)
    
    Multiple integer overflow flaws were discovered in Python's imageop
    module. If an application written in Python used the imageop module to
    process untrusted images, it could cause the application to crash,
    enter an infinite loop, or possibly execute arbitrary code with the
    privileges of the Python interpreter. (CVE-2007-4965)
    
    Users of Python are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000441.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000443.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"python-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"python-devel-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-devel-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"python-tools-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-tools-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"tkinter-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"tkinter-2.2.3-6.8")) flag++;
    
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_APACHE2-MOD_PHP5-4810.NASL
    description: This update fixes multiple bugs in php :
      - use system pcre library to fix several pcre vulnerabilities (CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228)
      - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898)
      - overly long arguments to the dl() function could crash php (CVE-2007-4825)
      - overly long arguments to the glob() function could crash php (CVE-2007-4782)
      - overly long arguments to some iconv functions could crash php (CVE-2007-4840)
      - overly long arguments to the setlocale() function could crash php (CVE-2007-4784)
      - the wordwrap-Function could cause a floating point exception (CVE-2007-3998)
      - overly long arguments to the fnmatch() function could crash php (CVE-2007-4782)
      - incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661)
      - Flaws in the GD extension could lead to integer overflows (CVE-2007-3996)
      - The money_format function contained format string flaws (CVE-2007-4658)
      - Data for some time zones has been updated
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29878
    published: 2008-01-08
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29878
    title: openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update apache2-mod_php5-4810.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29878);
      script_version ("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2005-4872", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-3996", "CVE-2007-3998", "CVE-2007-4658", "CVE-2007-4661", "CVE-2007-4782", "CVE-2007-4784", "CVE-2007-4825", "CVE-2007-4840", "CVE-2007-5898");
    
      script_name(english:"openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)");
      script_summary(english:"Check for the apache2-mod_php5-4810 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple bugs in php :
    
      - use system pcre library to fix several pcre
        vulnerabilities (CVE-2007-1659, CVE-2006-7230,
        CVE-2007-1660, CVE-2006-7227 CVE-2005-4872,
        CVE-2006-7228)
    
      - Flaws in processing multi byte sequences in
        htmlentities/htmlspecialchars (CVE-2007-5898)
    
      - overly long arguments to the dl() function could crash
        php (CVE-2007-4825)
    
      - overy long arguments to the glob() function could crash
        php (CVE-2007-4782)
    
      - overly long arguments to some iconv functions could
        crash php (CVE-2007-4840)
    
      - overy long arguments to the setlocale() function could
        crash php (CVE-2007-4784)
    
      - the wordwrap-Function could cause a floating point
        exception (CVE-2007-3998)
    
      - overy long arguments to the fnmatch() function could
        crash php (CVE-2007-4782)
    
      - incorrect size calculation in the chunk_split function
        could lead to a buffer overflow (CVE-2007-4661)
    
      - Flaws in the GD extension could lead to integer
        overflows (CVE-2007-3996)
    
      - The money_format function contained format string flaws
        (CVE-2007-4658)
    
      - Data for some time zones has been updated"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-mod_php5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(20, 22, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dbase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-filepro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mhash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysqli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo_mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo_pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo_sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"apache2-mod_php5-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-bcmath-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-bz2-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-calendar-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-ctype-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-curl-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-dba-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-dbase-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-devel-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-dom-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-exif-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-fastcgi-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-filepro-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-ftp-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-gd-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-gettext-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-gmp-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-iconv-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-imap-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-ldap-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-mbstring-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-mcrypt-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-mhash-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-mysql-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-mysqli-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-ncurses-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-odbc-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-openssl-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pcntl-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo_mysql-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo_pgsql-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo_sqlite-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pear-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pgsql-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-posix-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-pspell-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-shmop-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-snmp-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-soap-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-sockets-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-sqlite-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-sysvmsg-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-sysvsem-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-sysvshm-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-tidy-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-tokenizer-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-wddx-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-xmlreader-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-xmlrpc-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-xmlwriter-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-xsl-5.1.2-29.50") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"php5-zlib-5.1.2-29.50") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc");
    }
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2008-0007.NASL
    description: a. Updated pcre Service Console package addresses several security issues The pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. VMware would like to thank Ludwig Nussel for reporting these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues. b. Updated net-snmp Service Console package addresses denial of service net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue. c. Updated OpenPegasus Service Console package fixes overflow condition OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40377
    published: 2009-07-27
    reporter: This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40377
    title: VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2008-0007. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40377);
      script_version("1.24");
      script_cvs_date("Date: 2018/08/07 11:56:11");
    
      script_cve_id("CVE-2006-7228", "CVE-2007-1660", "CVE-2007-5846", "CVE-2008-0003");
      script_bugtraq_id(26378, 26462, 26727, 27172);
      script_xref(name:"VMSA", value:"2008-0007");
    
      script_name(english:"VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESX host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. Updated pcre Service Console package addresses several security issues
    
    The pcre package contains the Perl-Compatible Regular Expression library.
    pcre is used by various Service Console utilities.
    
    Several security issues were discovered in the way PCRE handles regular
    expressions. If an application linked against PCRE parsed a malicious
    regular expression, it may have been possible to run arbitrary code as
    the user running the application.
    
    VMware would like to thank Ludwig Nussel for reporting these issues.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.
    
    b. Updated net-snmp Service Console package addresses denial of service
    
    net-snmp is an implementation of the Simple Network Management
    Protocol (SNMP).  SNMP is used by network management systems to
    monitor hosts.  By default ESX has this service enabled and its ports
    open on the ESX firewall.
    
    A flaw was discovered in the way net-snmp handled certain requests. A
    remote attacker who can connect to the snmpd UDP port could send a
    malicious packet causing snmpd to crash, resulting in a denial of
    service.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2007-5846 to this issue.
    
    c. Updated OpenPegasus Service Console package fixes overflow condition
    
    OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
    Management (WBEM) broker.  These protocols are used by network management
    systems to monitor and control hosts.  By default ESX has this service
    enabled and its ports open on the ESX firewall.
    
    A flaw was discovered in the OpenPegasus CIM management server that
    might allow remote attackers to execute arbitrary code.  OpenPegasus
    when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC
    defined, has a stack-based buffer overflow condition.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2008-0003 to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2008/000019.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2008-04-15");
    flag = 0;
    
    
    if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004184")) flag++;
    if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004187")) flag++;
    if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004188")) flag++;
    
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1004213")) flag++;
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1004217")) flag++;
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1004218")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200803201-UG",
        patch_updates : make_list("ESX350-200911210-UG", "ESX350-200912406-BG", "ESX350-201006409-BG", "ESX350-201105403-BG", "ESX350-Update01", "ESX350-Update02", "ESX350-Update03", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200803214-UG",
        patch_updates : make_list("ESX350-Update01", "ESX350-Update02", "ESX350-Update03", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-1063.NASL
    description: From Red Hat Security Advisory 2007:1063 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67612
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67612
    title: Oracle Linux 3 : pcre (ELSA-2007-1063)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:1063 and 
    # Oracle Linux Security Advisory ELSA-2007-1063 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67612);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2006-7228", "CVE-2007-1660");
      script_bugtraq_id(26462);
      script_xref(name:"RHSA", value:"2007:1063");
    
      script_name(english:"Oracle Linux 3 : pcre (ELSA-2007-1063)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:1063 :
    
    Updated pcre packages that resolve several security issues are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    PCRE is a Perl-compatible regular expression library.
    
    Flaws were discovered in the way PCRE handles certain malformed
    regular expressions. If an application linked against PCRE, such as
    Konqueror, parsed a malicious regular expression, it may have been
    possible to run arbitrary code as the user running the application.
    (CVE-2006-7228, CVE-2007-1660)
    
    Users of PCRE are advised to upgrade to these updated packages, which
    contain backported patches to resolve these issues.
    
    Red Hat would like to thank Ludwig Nussel for reporting these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-November/000417.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected pcre packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"pcre-3.9-10.4")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"pcre-3.9-10.4")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"pcre-devel-3.9-10.4")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"pcre-devel-3.9-10.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre / pcre-devel");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_APACHE2-MOD_PHP5-4808.NASL
    description: This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities. (CVE-2007-1659 / CVE-2006-7230 / CVE-2007-1660 / CVE-2006-7227 / CVE-2005-4872 / CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overly long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overly long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overly long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658) - Data for some time zones has been updated
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29780
    published: 2007-12-24
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29780
    title: SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29780);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2005-4872", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-3996", "CVE-2007-3998", "CVE-2007-4658", "CVE-2007-4661", "CVE-2007-4782", "CVE-2007-4784", "CVE-2007-4825", "CVE-2007-4840", "CVE-2007-5898");
    
      script_name(english:"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple bugs in php :
    
      - use system pcre library to fix several pcre
        vulnerabilities. (CVE-2007-1659 / CVE-2006-7230 /
        CVE-2007-1660 / CVE-2006-7227 / CVE-2005-4872 /
        CVE-2006-7228)
    
      - Flaws in processing multi byte sequences in
        htmlentities/htmlspecialchars. (CVE-2007-5898)
    
      - overly long arguments to the dl() function could crash
        php. (CVE-2007-4825)
    
      - overy long arguments to the glob() function could crash
        php. (CVE-2007-4782)
    
      - overly long arguments to some iconv functions could
        crash php. (CVE-2007-4840)
    
      - overy long arguments to the setlocale() function could
        crash php. (CVE-2007-4784)
    
      - the wordwrap-Function could cause a floating point
        exception. (CVE-2007-3998)
    
      - overy long arguments to the fnmatch() function could
        crash php. (CVE-2007-4782)
    
      - incorrect size calculation in the chunk_split function
        could lead to a buffer overflow. (CVE-2007-4661)
    
      - Flaws in the GD extension could lead to integer
        overflows. (CVE-2007-3996)
    
      - The money_format function contained format string flaws.
        (CVE-2007-4658)
    
      - Data for some time zones has been updated"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2005-4872.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7227.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7228.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7230.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-1659.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-1660.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3996.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3998.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4658.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4661.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4782.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4784.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4825.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4840.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5898.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4808.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(20, 22, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:1, reference:"apache2-mod_php5-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-bcmath-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-bz2-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-calendar-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-ctype-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-curl-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-dba-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-dbase-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-devel-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-dom-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-exif-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-fastcgi-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-filepro-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-ftp-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-gd-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-gettext-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-gmp-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-iconv-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-imap-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-ldap-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-mbstring-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-mcrypt-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-mhash-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-mysql-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-mysqli-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-ncurses-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-odbc-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-openssl-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-pcntl-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-pdo-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-pear-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-pgsql-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-posix-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-pspell-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-shmop-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-snmp-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-soap-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-sockets-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-sqlite-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-suhosin-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-sysvmsg-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-sysvsem-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-sysvshm-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-tokenizer-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-wddx-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-xmlreader-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-xmlrpc-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-xsl-5.1.2-29.50")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"php5-zlib-5.1.2-29.50")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-1068.NASL
    description: Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28367
    published: 2007-11-30
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28367
    title: RHEL 4 : pcre (RHSA-2007:1068)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:1068. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28367);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659");
      script_bugtraq_id(26462, 26550, 26725);
      script_xref(name:"RHSA", value:"2007:1068");
    
      script_name(english:"RHEL 4 : pcre (RHSA-2007:1068)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated pcre packages that resolve several security issues are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    PCRE is a Perl-compatible regular expression library.
    
    Flaws were discovered in the way PCRE handles certain malformed
    regular expressions. If an application linked against PCRE, such as
    Konqueror, parses a malicious regular expression, it may have been
    possible to run arbitrary code as the user running the application.
    (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230,
    CVE-2007-1659)
    
    Users of PCRE are advised to upgrade to these updated packages, which
    contain backported patches to resolve these issues.
    
    Red Hat would like to thank Ludwig Nussel for reporting these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7228"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1659"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:1068"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected pcre and / or pcre-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pcre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pcre-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:1068";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"pcre-4.5-4.el4_6.6")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"pcre-devel-4.5-4.el4_6.6")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre / pcre-devel");
      }
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12049.NASL
    description: This update fixes multiple bugs in php : - several problems in pcre (CVE-2007-1660, CVE-2006-7225, CVE-2006-7224, CVE-2006-7226, CVE-2007-1659, CVE-2006-7230) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overly long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overly long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overly long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661, CVE-2007-2872) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41187
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41187
    title: SuSE9 Security Update : PHP4 (YOU Patch Number 12049)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41187);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2005-4872", "CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-2872", "CVE-2007-3996", "CVE-2007-3998", "CVE-2007-4658", "CVE-2007-4661", "CVE-2007-4782", "CVE-2007-4784", "CVE-2007-4825", "CVE-2007-4840", "CVE-2007-5898");
    
      script_name(english:"SuSE9 Security Update : PHP4 (YOU Patch Number 12049)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple bugs in php :
    
      - several problems in pcre (CVE-2007-1660, CVE-2006-7225,
        CVE-2006-7224, CVE-2006-7226 CVE-2007-1659,
        CVE-2006-7230)
    
      - Flaws in processing multi byte sequences in
        htmlentities/htmlspecialchars. (CVE-2007-5898)
    
      - overly long arguments to the dl() function could crash
        php. (CVE-2007-4825)
    
      - overly long arguments to the glob() function could crash
        php. (CVE-2007-4782)
    
      - overly long arguments to some iconv functions could
        crash php. (CVE-2007-4840)
    
      - overly long arguments to the setlocale() function could
        crash php. (CVE-2007-4784)
    
      - the wordwrap-Function could cause a floating point
        exception. (CVE-2007-3998)
    
      - overly long arguments to the fnmatch() function could
        crash php. (CVE-2007-4782)
    
      - incorrect size calculation in the chunk_split function
        could lead to a buffer overflow. (CVE-2007-4661,
        CVE-2007-2872)
    
      - Flaws in the GD extension could lead to integer
        overflows. (CVE-2007-3996)
    
      - The money_format function contained format string flaws.
        (CVE-2007-4658)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7224.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7225.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7226.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7230.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-1659.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-1660.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2872.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3996.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3998.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4658.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4661.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4782.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4784.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4825.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4840.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5898.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12049.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(20, 22, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"apache-mod_php4-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"apache2-mod_php4-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"mod_php4-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"mod_php4-apache2-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"mod_php4-core-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"mod_php4-servlet-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-bcmath-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-bz2-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-calendar-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-ctype-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-curl-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-dba-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-dbase-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-devel-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-domxml-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-exif-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-fastcgi-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-filepro-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-ftp-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-gd-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-gettext-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-gmp-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-imap-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-ldap-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-mbstring-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-mcal-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-mcrypt-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-mhash-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-mime_magic-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-mysql-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-pear-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-pgsql-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-qtdom-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-readline-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-recode-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-servlet-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-session-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-shmop-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-snmp-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-sockets-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-sysvsem-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-sysvshm-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-unixODBC-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-wddx-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-xslt-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-yp-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", reference:"php4-zlib-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"php4-iconv-4.3.4-43.85")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"php4-swf-4.3.4-43.85")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2008-0003.NASL
    description: I Updated ESX driver a. Updated aacraid driver This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue. II Service Console package security updates a. Samba Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue. b. Python Chris Evans of the Google security research team discovered an integer overflow issue with the way Python
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40374
    published: 2009-07-27
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40374
    title: VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20071129_PCRE_ON_SL4_X.NASL
    description: Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1660)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 65042
    published: 2013-03-06
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/65042
    title: Scientific Linux Security Update : pcre on SL4.x, SL3.x i386/x86_64
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0546.NASL
    description: Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33512
    published: 2008-07-16
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/33512
    title: RHEL 2.1 : php (RHSA-2008:0546)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200711-30.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200711-30 (PCRE: Multiple vulnerabilities) Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28319
    published: 2007-11-26
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/28319
    title: GLSA-200711-30 : PCRE: Multiple vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-1059.NASL
    description: Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28364
    published: 2007-11-30
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28364
    title: RHEL 5 : pcre (RHSA-2007:1059)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-1059.NASL
    description: From Red Hat Security Advisory 2007:1059 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67611
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67611
    title: Oracle Linux 5 : pcre (ELSA-2007-1059)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-212.NASL
    description: Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue. Additionally, Corporate Server 4.0 was updated to pcre version 6.7 which corrected CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, and CVE-2006-7230.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27849
    published: 2007-11-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27849
    title: Mandrake Linux Security Advisory : pcre (MDKSA-2007:212)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1076.NASL
    descriptionUpdated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id29255
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29255
    titleCentOS 3 / 4 : python (CESA-2007:1076)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1570.NASL
    descriptionAndrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
    last seen2020-06-01
    modified2020-06-02
    plugin id32144
    published2008-05-09
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32144
    titleDebian DSA-1570-1 : kazehakase - various
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1065.NASL
    descriptionUpdated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28366
    published2007-11-30
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28366
    titleRHEL 2.1 : pcre (RHSA-2007:1065)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1077.NASL
    descriptionUpdated python packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id29302
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29302
    titleRHEL 2.1 : python (RHSA-2007:1077)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1063.NASL
    descriptionUpdated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28365
    published2007-11-30
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28365
    titleRHEL 3 : pcre (RHSA-2007:1063)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1076.NASL
    descriptionUpdated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id29301
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29301
    titleRHEL 3 / 4 : python (RHSA-2007:1076)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200802-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200802-10 (Python: PCRE Integer overflow) Python 2.3 includes a copy of PCRE which is vulnerable to an integer overflow vulnerability, leading to a buffer overflow. Impact : An attacker could exploit the vulnerability by tricking a vulnerable Python application to compile a regular expression, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id31158
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31158
    titleGLSA-200802-10 : Python: PCRE Integer overflow
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1063.NASL
    descriptionUpdated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36264
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36264
    titleCentOS 3 : pcre (CESA-2007:1063)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1068.NASL
    descriptionUpdated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67061
    published2013-06-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67061
    titleCentOS 4 : pcre (CESA-2007:1068)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071210_PYTHON_ON_SL4_X.NASL
    descriptionAn integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id60327
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60327
    titleScientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071109_PCRE_ON_SL5_X.NASL
    descriptionThis importance of this has been reduced to
    last seen2020-06-01
    modified2020-06-02
    plugin id60298
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60298
    titleScientific Linux Security Update : pcre on SL5.x i386/x86_64

Oval

accepted2013-04-29T04:08:58.870-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionInteger overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
familyunix
idoval:org.mitre.oval:def:10810
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
version27

Redhat

advisories
  • rhsa
    idRHSA-2007:1059
  • rhsa
    idRHSA-2007:1063
  • rhsa
    idRHSA-2007:1065
  • rhsa
    idRHSA-2007:1068
  • rhsa
    idRHSA-2007:1076
  • rhsa
    idRHSA-2007:1077
  • rhsa
    idRHSA-2008:0546
rpms
  • pcre-0:6.6-2.el5_1.7
  • pcre-debuginfo-0:6.6-2.el5_1.7
  • pcre-devel-0:6.6-2.el5_1.7
  • pcre-0:3.9-10.4
  • pcre-debuginfo-0:3.9-10.4
  • pcre-devel-0:3.9-10.4
  • pcre-0:3.4-2.4
  • pcre-devel-0:3.4-2.4
  • pcre-0:4.5-4.el4_6.6
  • pcre-debuginfo-0:4.5-4.el4_6.6
  • pcre-devel-0:4.5-4.el4_6.6
  • python-0:2.2.3-6.8
  • python-0:2.3.4-14.4.el4_6.1
  • python-debuginfo-0:2.2.3-6.8
  • python-debuginfo-0:2.3.4-14.4.el4_6.1
  • python-devel-0:2.2.3-6.8
  • python-devel-0:2.3.4-14.4.el4_6.1
  • python-docs-0:2.3.4-14.4.el4_6.1
  • python-tools-0:2.2.3-6.8
  • python-tools-0:2.3.4-14.4.el4_6.1
  • tkinter-0:2.2.3-6.8
  • tkinter-0:2.3.4-14.4.el4_6.1
  • python-0:1.5.2-43.72.2
  • python-devel-0:1.5.2-43.72.2
  • python-docs-0:1.5.2-43.72.2
  • python-tools-0:1.5.2-43.72.2
  • tkinter-0:1.5.2-43.72.2
  • php-0:4.1.2-2.20
  • php-devel-0:4.1.2-2.20
  • php-imap-0:4.1.2-2.20
  • php-ldap-0:4.1.2-2.20
  • php-manual-0:4.1.2-2.20
  • php-mysql-0:4.1.2-2.20
  • php-odbc-0:4.1.2-2.20
  • php-pgsql-0:4.1.2-2.20

References