Vulnerabilities > CVE-2006-7228 - Numeric Errors vulnerability in Pcre
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE9_12013.NASL description Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2005-2491, CVE-2006-7228) last seen 2020-06-01 modified 2020-06-02 plugin id 41173 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41173 title SuSE9 Security Update : Python (YOU Patch Number 12013) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41173); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2005-2491", "CVE-2006-7228"); script_name(english:"SuSE9 Security Update : Python (YOU Patch Number 12013)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2005-2491, CVE-2006-7228)" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2005-2491/" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7228.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12013."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"python-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-curses-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-demo-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-devel-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-doc-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-doc-pdf-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-gdbm-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-idle-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-mpz-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-tk-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-xml-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"python-32bit-9-200712110030")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE9_12000.NASL description Apache2 contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2006-7224, CVE-2007-1660) last seen 2020-06-01 modified 2020-06-02 plugin id 41170 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41170 title SuSE9 Security Update : Apache 2 (YOU Patch Number 12000) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41170); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2005-4872", "CVE-2006-7227", "CVE-2006-7228", "CVE-2007-1660"); script_name(english:"SuSE9 Security Update : Apache 2 (YOU Patch Number 12000)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Apache2 contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2006-7224, CVE-2007-1660)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7224.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1660.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12000."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"apache2-2.0.59-1.6")) flag++; if (rpm_check(release:"SUSE9", reference:"apache2-devel-2.0.59-1.6")) flag++; if (rpm_check(release:"SUSE9", reference:"apache2-doc-2.0.59-1.6")) flag++; if (rpm_check(release:"SUSE9", reference:"apache2-example-pages-2.0.59-1.6")) flag++; if (rpm_check(release:"SUSE9", reference:"apache2-prefork-2.0.59-1.6")) flag++; if (rpm_check(release:"SUSE9", reference:"apache2-worker-2.0.59-1.6")) flag++; if (rpm_check(release:"SUSE9", reference:"libapr0-2.0.59-1.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1068.NASL description From Red Hat Security Advisory 2007:1068 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67613 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67613 title Oracle Linux 4 : pcre (ELSA-2007-1068) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1068 and # Oracle Linux Security Advisory ELSA-2007-1068 respectively. # include("compat.inc"); if (description) { script_id(67613); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659"); script_bugtraq_id(26462, 26550, 26725); script_xref(name:"RHSA", value:"2007:1068"); script_name(english:"Oracle Linux 4 : pcre (ELSA-2007-1068)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:1068 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000422.html" ); script_set_attribute(attribute:"solution", value:"Update the affected pcre packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", cpu:"i386", reference:"pcre-4.5-4.el4_6.6")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"pcre-4.5-4.el4_6.6")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"pcre-devel-4.5-4.el4_6.6")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"pcre-devel-4.5-4.el4_6.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre / pcre-devel"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1076.NASL description From Red Hat Security Advisory 2007:1076 : Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 67614 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67614 title Oracle Linux 3 / 4 : python (ELSA-2007-1076) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1076 and # Oracle Linux Security Advisory ELSA-2007-1076 respectively. # include("compat.inc"); if (description) { script_id(67614); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4965"); script_bugtraq_id(25696, 26462); script_xref(name:"RHSA", value:"2007:1076"); script_name(english:"Oracle Linux 3 / 4 : python (ELSA-2007-1076)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:1076 : Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) Users of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000441.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000443.html" ); script_set_attribute( attribute:"solution", value:"Update the affected python packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tkinter"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"python-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"python-devel-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-devel-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"python-tools-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-tools-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"tkinter-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"tkinter-2.2.3-6.8")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter"); }
NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-4810.NASL description This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities (CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898) - overly long arguments to the dl() function could crash php (CVE-2007-4825) - overy long arguments to the glob() function could crash php (CVE-2007-4782) - overly long arguments to some iconv functions could crash php (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661) - Flaws in the GD extension could lead to integer overflows (CVE-2007-3996) - The money_format function contained format string flaws (CVE-2007-4658) - Data for some time zones has been updated last seen 2020-06-01 modified 2020-06-02 plugin id 29878 published 2008-01-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29878 title openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update apache2-mod_php5-4810. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(29878); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2005-4872", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-3996", "CVE-2007-3998", "CVE-2007-4658", "CVE-2007-4661", "CVE-2007-4782", "CVE-2007-4784", "CVE-2007-4825", "CVE-2007-4840", "CVE-2007-5898"); script_name(english:"openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)"); script_summary(english:"Check for the apache2-mod_php5-4810 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities (CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898) - overly long arguments to the dl() function could crash php (CVE-2007-4825) - overy long arguments to the glob() function could crash php (CVE-2007-4782) - overly long arguments to some iconv functions could crash php (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661) - Flaws in the GD extension could lead to integer overflows (CVE-2007-3996) - The money_format function contained format string flaws (CVE-2007-4658) - Data for some time zones has been updated" ); script_set_attribute( attribute:"solution", value:"Update the affected apache2-mod_php5 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(20, 22, 94, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-filepro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mhash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysqli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ncurses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo_mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo_pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo_sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"apache2-mod_php5-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-bcmath-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-bz2-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-calendar-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-ctype-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-curl-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-dba-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-dbase-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-devel-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-dom-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-exif-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-fastcgi-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-filepro-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-ftp-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-gd-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-gettext-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-gmp-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-iconv-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-imap-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-ldap-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-mbstring-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-mcrypt-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-mhash-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-mysql-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-mysqli-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-ncurses-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-odbc-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-openssl-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pcntl-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo_mysql-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo_pgsql-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pdo_sqlite-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pear-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pgsql-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-posix-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-pspell-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-shmop-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-snmp-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-soap-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-sockets-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-sqlite-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-sysvmsg-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-sysvsem-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-sysvshm-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-tidy-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-tokenizer-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-wddx-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-xmlreader-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-xmlrpc-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-xmlwriter-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-xsl-5.1.2-29.50") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"php5-zlib-5.1.2-29.50") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc"); }
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0007.NASL description a. Updated pcre Service Console package addresses several security issues The pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. VMware would like to thank Ludwig Nussel for reporting these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues. b. Updated net-snmp Service Console package addresses denial of service net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue. c. Updated OpenPegasus Service Console package fixes overflow condition OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 40377 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40377 title VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2008-0007. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(40377); script_version("1.24"); script_cvs_date("Date: 2018/08/07 11:56:11"); script_cve_id("CVE-2006-7228", "CVE-2007-1660", "CVE-2007-5846", "CVE-2008-0003"); script_bugtraq_id(26378, 26462, 26727, 27172); script_xref(name:"VMSA", value:"2008-0007"); script_name(english:"VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESX host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "a. Updated pcre Service Console package addresses several security issues The pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. VMware would like to thank Ludwig Nussel for reporting these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues. b. Updated net-snmp Service Console package addresses denial of service net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue. c. Updated OpenPegasus Service Console package fixes overflow condition OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2008/000019.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2008-04-15"); flag = 0; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004184")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004187")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004188")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1004213")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1004217")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1004218")) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200803201-UG", patch_updates : make_list("ESX350-200911210-UG", "ESX350-200912406-BG", "ESX350-201006409-BG", "ESX350-201105403-BG", "ESX350-Update01", "ESX350-Update02", "ESX350-Update03", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200803214-UG", patch_updates : make_list("ESX350-Update01", "ESX350-Update02", "ESX350-Update03", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1063.NASL description From Red Hat Security Advisory 2007:1063 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67612 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67612 title Oracle Linux 3 : pcre (ELSA-2007-1063) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1063 and # Oracle Linux Security Advisory ELSA-2007-1063 respectively. # include("compat.inc"); if (description) { script_id(67612); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2006-7228", "CVE-2007-1660"); script_bugtraq_id(26462); script_xref(name:"RHSA", value:"2007:1063"); script_name(english:"Oracle Linux 3 : pcre (ELSA-2007-1063)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:1063 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-November/000417.html" ); script_set_attribute(attribute:"solution", value:"Update the affected pcre packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pcre-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"pcre-3.9-10.4")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"pcre-3.9-10.4")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"pcre-devel-3.9-10.4")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"pcre-devel-3.9-10.4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre / pcre-devel"); }
NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-4808.NASL description This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities. (CVE-2007-1659 / CVE-2006-7230 / CVE-2007-1660 / CVE-2006-7227 / CVE-2005-4872 / CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overy long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658) - Data for some time zones has been updated last seen 2020-06-01 modified 2020-06-02 plugin id 29780 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29780 title SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(29780); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2005-4872", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-3996", "CVE-2007-3998", "CVE-2007-4658", "CVE-2007-4661", "CVE-2007-4782", "CVE-2007-4784", "CVE-2007-4825", "CVE-2007-4840", "CVE-2007-5898"); script_name(english:"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities. (CVE-2007-1659 / CVE-2006-7230 / CVE-2007-1660 / CVE-2006-7227 / CVE-2005-4872 / CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overy long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658) - Data for some time zones has been updated" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2005-4872.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7227.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7228.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7230.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1659.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1660.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3996.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3998.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4658.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4661.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4782.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4784.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4825.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4840.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5898.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4808."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(20, 22, 94, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:1, reference:"apache2-mod_php5-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-bcmath-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-bz2-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-calendar-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-ctype-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-curl-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-dba-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-dbase-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-devel-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-dom-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-exif-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-fastcgi-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-filepro-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-ftp-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-gd-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-gettext-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-gmp-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-iconv-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-imap-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-ldap-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-mbstring-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-mcrypt-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-mhash-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-mysql-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-mysqli-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-ncurses-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-odbc-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-openssl-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-pcntl-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-pdo-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-pear-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-pgsql-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-posix-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-pspell-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-shmop-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-snmp-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-soap-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-sockets-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-sqlite-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-suhosin-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-sysvmsg-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-sysvsem-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-sysvshm-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-tokenizer-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-wddx-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-xmlreader-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-xmlrpc-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-xsl-5.1.2-29.50")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"php5-zlib-5.1.2-29.50")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1068.NASL description Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28367 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28367 title RHEL 4 : pcre (RHSA-2007:1068) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1068. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(28367); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659"); script_bugtraq_id(26462, 26550, 26725); script_xref(name:"RHSA", value:"2007:1068"); script_name(english:"RHEL 4 : pcre (RHSA-2007:1068)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7225" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7226" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7228" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7230" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1659" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:1068" ); script_set_attribute( attribute:"solution", value:"Update the affected pcre and / or pcre-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pcre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pcre-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:1068"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"pcre-4.5-4.el4_6.6")) flag++; if (rpm_check(release:"RHEL4", reference:"pcre-devel-4.5-4.el4_6.6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre / pcre-devel"); } }
NASL family SuSE Local Security Checks NASL id SUSE9_12049.NASL description This update fixes multiple bugs in php : - several problems in pcre (CVE-2007-1660, CVE-2006-7225, CVE-2006-7224, CVE-2006-7226 CVE-2007-1659, CVE-2006-7230) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overy long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661, CVE-2007-2872) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658) last seen 2020-06-01 modified 2020-06-02 plugin id 41187 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41187 title SuSE9 Security Update : PHP4 (YOU Patch Number 12049) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(41187); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2005-4872", "CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7227", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-2872", "CVE-2007-3996", "CVE-2007-3998", "CVE-2007-4658", "CVE-2007-4661", "CVE-2007-4782", "CVE-2007-4784", "CVE-2007-4825", "CVE-2007-4840", "CVE-2007-5898"); script_name(english:"SuSE9 Security Update : PHP4 (YOU Patch Number 12049)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes multiple bugs in php : - several problems in pcre (CVE-2007-1660, CVE-2006-7225, CVE-2006-7224, CVE-2006-7226 CVE-2007-1659, CVE-2006-7230) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overy long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661, CVE-2007-2872) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7224.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7225.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7226.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7230.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1659.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1660.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2872.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3996.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3998.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4658.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4661.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4782.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4784.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4825.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4840.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5898.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12049."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(20, 22, 94, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"apache-mod_php4-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"apache2-mod_php4-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"mod_php4-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"mod_php4-apache2-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"mod_php4-core-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"mod_php4-servlet-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-bcmath-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-bz2-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-calendar-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-ctype-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-curl-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-dba-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-dbase-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-devel-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-domxml-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-exif-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-fastcgi-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-filepro-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-ftp-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-gd-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-gettext-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-gmp-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-imap-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-ldap-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-mbstring-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-mcal-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-mcrypt-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-mhash-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-mime_magic-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-mysql-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-pear-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-pgsql-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-qtdom-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-readline-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-recode-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-servlet-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-session-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-shmop-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-snmp-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-sockets-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-sysvsem-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-sysvshm-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-unixODBC-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-wddx-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-xslt-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-yp-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", reference:"php4-zlib-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", cpu:"i586", reference:"php4-iconv-4.3.4-43.85")) flag++; if (rpm_check(release:"SUSE9", cpu:"i586", reference:"php4-swf-4.3.4-43.85")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0003.NASL description I Updated ESX driver a. Updated aacraid driver This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue. II Service Console package security updates a. Samba Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue. b. Python Chris Evans of the Google security research team discovered an integer overflow issue with the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 40374 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40374 title VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates NASL family Scientific Linux Local Security Checks NASL id SL_20071129_PCRE_ON_SL4_X.NASL description Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1660) last seen 2020-06-01 modified 2020-06-02 plugin id 65042 published 2013-03-06 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65042 title Scientific Linux Security Update : pcre on SL4.x, SL3.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0546.NASL description Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user last seen 2020-06-01 modified 2020-06-02 plugin id 33512 published 2008-07-16 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33512 title RHEL 2.1 : php (RHSA-2008:0546) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200711-30.NASL description The remote host is affected by the vulnerability described in GLSA-200711-30 (PCRE: Multiple vulnerabilities) Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing last seen 2020-06-01 modified 2020-06-02 plugin id 28319 published 2007-11-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28319 title GLSA-200711-30 : PCRE: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1059.NASL description Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28364 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28364 title RHEL 5 : pcre (RHSA-2007:1059) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1059.NASL description From Red Hat Security Advisory 2007:1059 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67611 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67611 title Oracle Linux 5 : pcre (ELSA-2007-1059) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-212.NASL description Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue. Additionally, Corporate Server 4.0 was updated to pcre version 6.7 which corrected CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, and CVE-2006-7230. last seen 2020-06-01 modified 2020-06-02 plugin id 27849 published 2007-11-09 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27849 title Mandrake Linux Security Advisory : pcre (MDKSA-2007:212) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1076.NASL description Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 29255 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29255 title CentOS 3 / 4 : python (CESA-2007:1076) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1570.NASL description Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version. last seen 2020-06-01 modified 2020-06-02 plugin id 32144 published 2008-05-09 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32144 title Debian DSA-1570-1 : kazehakase - various NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1065.NASL description Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28366 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28366 title RHEL 2.1 : pcre (RHSA-2007:1065) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1077.NASL description Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 29302 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29302 title RHEL 2.1 : python (RHSA-2007:1077) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1063.NASL description Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28365 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28365 title RHEL 3 : pcre (RHSA-2007:1063) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1076.NASL description Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 29301 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29301 title RHEL 3 / 4 : python (RHSA-2007:1076) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200802-10.NASL description The remote host is affected by the vulnerability described in GLSA-200802-10 (Python: PCRE Integer overflow) Python 2.3 includes a copy of PCRE which is vulnerable to an integer overflow vulnerability, leading to a buffer overflow. Impact : An attacker could exploit the vulnerability by tricking a vulnerable Python application to compile a regular expressions, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 31158 published 2008-02-25 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31158 title GLSA-200802-10 : Python: PCRE Integer overflow NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1063.NASL description Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7228, CVE-2007-1660) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36264 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36264 title CentOS 3 : pcre (CESA-2007:1063) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1068.NASL description Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) Users of PCRE are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Red Hat would like to thank Ludwig Nussel for reporting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67061 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67061 title CentOS 4 : pcre (CESA-2007:1068) NASL family Scientific Linux Local Security Checks NASL id SL_20071210_PYTHON_ON_SL4_X.NASL description An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 60327 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60327 title Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64 NASL family Scientific Linux Local Security Checks NASL id SL_20071109_PCRE_ON_SL5_X.NASL description This importance of this has been reduced to last seen 2020-06-01 modified 2020-06-02 plugin id 60298 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60298 title Scientific Linux Security Update : pcre on SL5.x i386/x86_64
Oval
accepted | 2013-04-29T04:08:58.870-04:00 | ||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||
description | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | ||||||||||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:10810 | ||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
title | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | ||||||||||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||||||||||||||||||||||||||
rpms |
|
References
- http://scary.beasts.org/security/CESA-2007-006.html
- http://www.pcre.org/changelog.txt
- http://secunia.com/advisories/27582
- https://bugzilla.redhat.com/show_bug.cgi?id=383371
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.redhat.com/support/errata/RHSA-2007-1063.html
- http://www.redhat.com/support/errata/RHSA-2007-1065.html
- http://www.redhat.com/support/errata/RHSA-2007-1059.html
- http://www.redhat.com/support/errata/RHSA-2007-1068.html
- http://www.redhat.com/support/errata/RHSA-2007-1076.html
- http://www.redhat.com/support/errata/RHSA-2007-1077.html
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.securityfocus.com/bid/26462
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27773
- http://secunia.com/advisories/27776
- http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
- http://secunia.com/advisories/28027
- http://secunia.com/advisories/28050
- http://secunia.com/advisories/28041
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
- http://secunia.com/advisories/28658
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- http://lists.vmware.com/pipermail/security-announce/2008/000005.html
- http://security.gentoo.org/glsa/glsa-200802-10.xml
- http://secunia.com/advisories/29032
- http://secunia.com/advisories/29085
- http://lists.vmware.com/pipermail/security-announce/2008/000014.html
- http://secunia.com/advisories/29785
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://www.redhat.com/support/errata/RHSA-2008-0546.html
- http://secunia.com/advisories/31124
- http://www.debian.org/security/2008/dsa-1570
- http://secunia.com/advisories/30106
- http://www.vupen.com/english/advisories/2008/1234/references
- http://www.vupen.com/english/advisories/2008/0637
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810
- http://www.securityfocus.com/archive/1/490917/100/0/threaded
- http://www.securityfocus.com/archive/1/488457/100/0/threaded