Vulnerabilities > CVE-2009-3559 - Unspecified vulnerability in PHP 5.3.0
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
php
nessus
Summary
main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.
Nessus
NASL family MacOS X Local Security Checks
NASL id MACOSX_10_6_3.NASL
description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11
last seen 2020-06-01
modified 2020-06-02
plugin id 45372
published 2010-03-29
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45372
title Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: flag a Mac OS X 10.6.x host whose reported OS version is below
# 10.6.3. The check is a version-string comparison only; it does not probe
# any of the listed CVEs individually.
#

# Exit quietly when the engine lacks the bn_random() builtin or reports a
# NASL level below 3000.
# NOTE(review): presumably an engine-capability gate; the reason is not shown here.
if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

# Metadata branch: when 'description' is set the script only registers its
# identifiers, references and scoring attributes, then exits without testing
# the host.
if (description)
{
  script_id(45372);
  script_version("1.31");
  script_cvs_date("Date: 2018/07/16 12:48:31");

  # One plugin covers the whole 10.6.3 update, so every CVE fixed by that
  # update is listed here, CVE-2009-3559 among them.
  script_cve_id(
    "CVE-2003-0063", "CVE-2006-1329", "CVE-2008-4456", "CVE-2008-5515", "CVE-2008-7247",
    "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783",
    "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446",
    "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009",
    "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017",
    "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042",
    "CVE-2010-0043", "CVE-2010-0057", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062",
    "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497",
    "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0504",
    "CVE-2010-0505", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510",
    "CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515",
    "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520",
    "CVE-2010-0521", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533",
    "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"
  );
  script_bugtraq_id(
    6940, 17155, 31486, 35193, 35196, 35233, 35263, 35278, 35416, 35510,
    35579, 35609, 36032, 36278, 36554, 36555, 36573, 37075, 37142, 37297,
    37942, 37944, 37945, 38043, 38524, 38673, 38676, 38677, 39151, 39153,
    39157, 39160, 39161, 39171, 39172, 39175, 39194, 39230, 39231, 39232,
    39234, 39236, 39252, 39255, 39256, 39258, 39264, 39268, 39273, 39274,
    39278, 39279, 39281, 39291
  );

  script_name(english:"Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities");
  script_summary(english:"Check the version of Mac OS X");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote host is missing a Mac OS X update that fixes various security issues."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4077"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/19364"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Mac OS X 10.6.3 or later."
  );
  # A single CVSS vector and one set of exploitability attributes are set for
  # the whole bundle of CVEs above; they are not a per-CVE rating and should
  # not be read as the severity of CVE-2009-3559 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(20, 22, 59, 79, 119, 134, 189, 200, 264, 287, 310);
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  exit(0);
}

# Prefer the version string stored under Host/MacOSX/Version. If it is
# absent, fall back to the Host/OS value, but only when that value exists and
# its recorded confidence is above 70; otherwise exit without reporting.
os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item("Host/OS");
  c = get_kb_item("Host/OS/Confidence");
  if ( isnull(os) || c <= 70 ) exit(0);
}
# Reached only when 'os' is non-null but still evaluates false.
if (!os) exit(1, "The 'Host/OS' KB item is missing.");

# Matches "Mac OS X 10.6" at the end of the string, or 10.6.0 through 10.6.2
# followed by a non-digit or the end of the string, so 10.6.3 and later (and
# two-digit patch levels such as 10.6.10) do not match.
if (ereg(pattern:"Mac OS X 10\.6($|\.[0-2]([^0-9]|$))", string:os)) security_hole(0);
else exit(0, "The host is not affected as it is running "+os+".");
NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2010-002.NASL
description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar
last seen 2020-06-01
modified 2020-06-02
plugin id 45373
published 2010-03-29
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45373
title Mac OS X Multiple Vulnerabilities (Security Update 2010-002)
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: flag a host whose Darwin kernel version is 9.0-9.8 and whose
# installed-package receipts do not show Security Update 2010-002 or a later
# security update. This is a patch-presence check; it does not test any of the
# listed CVEs individually.
#

# Exit quietly when the engine lacks the bn_random() builtin or reports a
# NASL level below 3000.
# NOTE(review): presumably an engine-capability gate; the reason is not shown here.
if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

# Metadata branch: when 'description' is set the script only registers its
# identifiers, references and scoring attributes, then exits without testing
# the host.
if (description)
{
  script_id(45373);
  script_version("1.29");
  script_cvs_date("Date: 2018/07/16 12:48:31");

  # One plugin covers the whole security update, so every CVE it fixes is
  # listed here, CVE-2009-3559 among them.
  script_cve_id(
    "CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712",
    "CVE-2008-4101", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2009-0033",
    "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689",
    "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417",
    "CVE-2009-2422", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901",
    "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557",
    "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214",
    "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057",
    "CVE-2010-0058", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497",
    "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503",
    "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508",
    "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0513", "CVE-2010-0521", "CVE-2010-0522",
    "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0533"
  );
  script_bugtraq_id(
    6940, 12767, 17155, 27630, 28288, 29715, 30795, 33447, 33962, 34961,
    35193, 35196, 35233, 35263, 35278, 35416, 35510, 35579, 36032, 36278,
    36296, 36377, 36554, 36555, 36573, 37142, 37389, 37390, 37942, 37944,
    37945, 38524, 38676, 38677, 39151, 39156, 39157, 39169, 39170, 39171,
    39172, 39175, 39194, 39231, 39232, 39234, 39245, 39252, 39255, 39256,
    39264, 39268, 39273, 39274, 39277, 39279, 39281, 39289, 39290, 39292
  );

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-002)");
  script_summary(english:"Check for the presence of Security Update 2010-002");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote host is missing a Mac OS X update that fixes various security issues."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4077"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/19364"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install Security Update 2010-002 or later."
  );
  # A single CVSS vector and one set of exploitability attributes are set for
  # the whole bundle of CVEs above; they are not a per-CVE rating and should
  # not be read as the severity of CVE-2009-3559 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(20, 22, 79, 119, 189, 200, 264, 287, 310, 352, 362);
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): the key required here is "Host/MacOSX/packages", while the
  # check below reads "Host/MacOSX/packages/boms"; the latter is verified
  # explicitly before use.
  script_require_keys("Host/MacOSX/packages", "Host/uname");
  exit(0);
}

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

# Capture the dotted version number that follows "Darwin" in the uname output.
pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");

darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
# Only Darwin 9.0.x through 9.8.x is in scope; the plugin description ties this
# check to Mac OS X 10.5.
if (ereg(pattern:"^9\.[0-8]\.", string:darwin))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");

  # A receipt named for security update 2010.002-2010.009, or for any update
  # numbered 2011 through 2019, counts as patched; the ".leopard" suffix is
  # optional.
  if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[2-9]|201[1-9]\.[0-9]+)(\.leopard)?\.bom", string:packages))
    exit(0, "The host has Security Update 2010-002 or later installed and therefore is not affected.");
  else
    security_hole(0);
}
else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
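NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2009-302.NASL
description Some vulnerabilities were discovered and corrected in php-5.3.1 : - Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia) - Added missing sanity checks around exif processing. (CVE-2009-3292, Ilia) - Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) - Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se) Additionally, some packages which require so, have been rebuilt and are being provided as updates.
last seen 2020-06-01
modified 2020-06-02
plugin id 48158
published 2010-07-30
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/48158
title Mandriva Linux Security Advisory : php (MDVSA-2009:302)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2009:302.
# The text itself is copyright (C) Mandriva S.A.
#
# Purpose: compare the host's installed RPM list against the package versions
# shipped with MDVSA-2009:302 for Mandriva Linux 2010.0 and report when any
# checked package is flagged by rpm_check(). This is a package-version check;
# it does not test PHP behaviour.
#

include("compat.inc");

# Metadata branch: when 'description' is set the script only registers its
# identifiers, references and scoring attributes, then exits without testing
# the host.
if (description)
{
  script_id(48158);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:52");

  script_cve_id("CVE-2009-3292", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559");
  script_bugtraq_id(37079);
  script_xref(name:"MDVSA", value:"2009:302");

  script_name(english:"Mandriva Linux Security Advisory : php (MDVSA-2009:302)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Some vulnerabilities were discovered and corrected in php-5.3.1 : - Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia) - Added missing sanity checks around exif processing. (CVE-2009-3292, Ilia) - Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) - Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se) Additionally, some packages which require so, have been rebuilt and are being provided as updates."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://news.php.net/php.announce/79"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # One CVSS vector is set for the advisory as a whole (four CVEs); it is not
  # a rating of CVE-2009-3559 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-apc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-apc-admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-eaccelerator");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-eaccelerator-admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-hash");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sybase_ct");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: local checks enabled, a Mandriva/Mandrake release recorded,
# an RPM list collected, and a known x86 / x86_64 CPU. Each failure ends the
# script through audit() rather than reporting a finding.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The OS label matches the one used in the architecture audit below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


# 'flag' counts the packages for which rpm_check() returns true. Most
# references are the php 5.3.1 builds; php-apc, php-eaccelerator and
# php-suhosin carry their own version numbers (the advisory text says some
# dependent packages were rebuilt and shipped with the update).
flag = 0;
if (rpm_check(release:"MDK2010.0", reference:"apache-mod_php-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64php5_common5-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libphp5_common5-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-apc-3.1.3p1-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-apc-admin-3.1.3p1-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-bcmath-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-bz2-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-calendar-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-cgi-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-cli-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-ctype-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-curl-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-dba-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-devel-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-doc-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-dom-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-eaccelerator-0.9.6-0.358.4.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-eaccelerator-admin-0.9.6-0.358.4.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-enchant-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-exif-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-fileinfo-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-filter-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-ftp-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-gd-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-gettext-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-gmp-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-hash-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-iconv-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-imap-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-intl-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-json-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-ldap-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-mbstring-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-mcrypt-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-mssql-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-mysql-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-mysqli-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-odbc-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-openssl-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pcntl-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pdo-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pdo_dblib-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pdo_mysql-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pdo_odbc-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pdo_pgsql-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pdo_sqlite-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pgsql-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-posix-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-pspell-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-readline-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-recode-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-session-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-shmop-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-snmp-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-soap-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-sockets-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-sqlite3-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-suhosin-0.9.29-2.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-sybase_ct-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-sysvmsg-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-sysvsem-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-sysvshm-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-tidy-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-tokenizer-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-wddx-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-xml-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-xmlreader-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-xmlrpc-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-xmlwriter-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-xsl-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-zip-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-zlib-5.3.1-0.1mdv2010.0", yank:"mdv")) flag++;


# Any flagged package yields one finding; the per-package detail from
# rpm_report_get() is attached only when report verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");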
NASL family CGI abuses
NASL id PHP_5_3_1.NASL
description According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.1. Such versions may be affected by several security issues : - Sanity checks are missing in exif processing. - It is possible to bypass the
last seen 2020-06-01
modified 2020-06-02
plugin id 42862
published 2009-11-20
reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/42862
title PHP 5.3 < 5.3.1 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: report a web server whose recorded PHP version is 5.3.0. The
# decision rests on the version string already stored in the KB (the plugin
# description says it comes from the banner); no PHP behaviour is exercised,
# so a match does not show that safe_mode or safe_mode_include_dir is in use
# on the host.
#

include("compat.inc");

# Metadata branch: when 'description' is set the script only registers its
# identifiers, references and scoring attributes, then exits without testing
# the host.
if (description)
{
  script_id(42862);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/15 20:50:18");

  script_cve_id(
    "CVE-2009-3557",
    "CVE-2009-3559",
    "CVE-2009-4017",
    "CVE-2009-4018",
    "CVE-2010-1128"
  );
  script_bugtraq_id(36554, 36555, 37079, 37138);
  script_xref(name:"Secunia", value:"37412");

  script_name(english:"PHP 5.3 < 5.3.1 Multiple Vulnerabilities");
  script_summary(english:"Checks version of PHP");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote web server uses a version of PHP that is affected by multiple flaws."
  );
  script_set_attribute(
    attribute:"description",
    value: "According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.1. Such versions may be affected by several security issues : - Sanity checks are missing in exif processing. - It is possible to bypass the 'safe_mode' configuration setting using 'tempnam()'. - It is possible to bypass the 'open_basedir' configuration setting using 'posix_mkfifo()'. - The 'safe_mode_include_dir' configuration setting may be ignored. (Bug #50063) - Calling 'popen()' with an invalid mode can cause a crash under Windows. (Bug #44683) - Provided file uploading is enabled (it is by default), an attacker can upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. By supplying a large number (15,000+) of files, an attacker could cause the web server to stop responding while it processes the file list. - 'proc_open()' can bypass 'safe_mode_protected_env_vars'. (Bug #49026) - An unspecified vulnerability affects the LCG entropy."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.securityfocus.com/archive/1/507982/30/0/threaded"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net/releases/5_3_1.php"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net/ChangeLog-5.php#5.3.1"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to PHP version 5.3.1 or later."
  );
  # One CVSS vector is set for all five CVEs listed above; it is not a rating
  # of CVE-2009-3559 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/20");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("php_version.nasl");
  script_require_ports("Services/www", 80);
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

# Version and its source string are read from the KB entry for this port.
php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

# When the KB marks this install as backported and report_paranoia is below 2,
# stop with a "backported" audit instead of flagging it, since the version
# string alone may not reflect the fixes present.
backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Matches exactly 5.3.0, optionally followed by a non-digit suffix; 5.3.1 and
# later, and any other branch, fall through to the "not vulnerable" audit.
if (version =~ "^5\.3\.0($|[^0-9])")
{
  if (report_verbosity > 0)
  {
    report =
      '\n Version source : '+source +
      '\n Installed version : '+version+
      '\n Fixed version : 5.3.1\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
References
- http://www.openwall.com/lists/oss-security/2009/11/20/2
- http://www.php.net/ChangeLog-5.php
- http://bugs.php.net/bug.php?id=50063
- http://www.openwall.com/lists/oss-security/2009/11/20/3
- http://www.php.net/releases/5_3_1.php
- http://news.php.net/php.announce/79
- http://www.openwall.com/lists/oss-security/2009/11/20/5
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:302
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://support.apple.com/kb/HT4077