Vulnerabilities > CVE-2010-2094 - USE of Externally-Controlled Format String vulnerability in PHP 5.3.0/5.3.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Exploit-Db
| description | PHP 5.x 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities. CVE-2010-2094. Remote exploit for php platform |
| id | EDB-ID:33988 |
| last seen | 2016-02-03 |
| modified | 2010-05-14 |
| published | 2010-05-14 |
| reporter | Stefan Esser |
| source | https://www.exploit-db.com/download/33988/ |
| title | PHP 5.x - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_1_APACHE2-MOD_PHP5-100928.NASL description PHP was updated to version 5.2.14 to fix several security issues : - [CVE-2010-1860](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1860) - [CVE-2010-1862](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1862) - [CVE-2010-1864](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1864) - [CVE-2010-1914](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1914) - [CVE-2010-1915](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1915) - [CVE-2010-1917](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1917) - [CVE-2010-2093](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2093) - [CVE-2010-2094](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2094) - [CVE-2010-2097](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2097) - [CVE-2010-2100](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2100) - [CVE-2010-2101](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2101) - [CVE-2010-2190](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2190) - [CVE-2010-2191](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2191) - [CVE-2010-2225](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2225) - [CVE-2010-2484](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2484) - [CVE-2010-2531](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2531) - [CVE-2010-3062](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3062) - [CVE-2010-3063](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3063) - [CVE-2010-3064](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3064) - [CVE-2010-3065](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3065) last seen 2020-06-01 modified 2020-06-02 plugin id 49752 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49752 title openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0678-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update apache2-mod_php5-3213. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(49752); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"); script_name(english:"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0678-1)"); script_summary(english:"Check for the apache2-mod_php5-3213 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "PHP was updated to version 5.2.14 to fix several security issues : - [CVE-2010-1860](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1860) - [CVE-2010-1862](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1862) - [CVE-2010-1864](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1864) - [CVE-2010-1914](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1914) - [CVE-2010-1915](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1915) - [CVE-2010-1917](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1917) - [CVE-2010-2093](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2093) - [CVE-2010-2094](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2094) - [CVE-2010-2097](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2097) - [CVE-2010-2100](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2100) - [CVE-2010-2101](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2101) - [CVE-2010-2190](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2190) - [CVE-2010-2191](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2191) - [CVE-2010-2225](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2225) - [CVE-2010-2484](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2484) - [CVE-2010-2531](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2531) - [CVE-2010-3062](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3062) - [CVE-2010-3063](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3063) - [CVE-2010-3064](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3064) - [CVE-2010-3065](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3065)" ); script_set_attribute( attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?nam" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=604315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=604652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=604654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=605097" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=605100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609763" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609768" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609769" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=612555" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=612556" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=616232" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619469" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619486" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619487" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619489" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=633932" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=636923" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-09/msg00053.html" ); script_set_attribute( attribute:"solution", value:"Update the affected apache2-mod_php5 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ncurses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"apache2-mod_php5-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-bcmath-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-bz2-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-calendar-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-ctype-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-curl-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-dba-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-dbase-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-devel-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-dom-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-exif-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-fastcgi-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-ftp-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-gd-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-gettext-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-gmp-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-hash-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-iconv-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-imap-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-json-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-ldap-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-mbstring-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-mcrypt-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-mysql-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-ncurses-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-odbc-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-openssl-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-pcntl-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-pdo-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-pear-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-pgsql-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-posix-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-pspell-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-readline-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-shmop-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-snmp-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-soap-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-sockets-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-sqlite-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-suhosin-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-sysvmsg-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-sysvsem-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-sysvshm-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-tidy-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-tokenizer-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-wddx-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-xmlreader-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-xmlrpc-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-xmlwriter-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-xsl-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-zip-5.2.14-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"php5-zlib-5.2.14-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_3_APACHE2-MOD_PHP5-100812.NASL description PHP was updated to version 5.3.3 to fix serveral security issues. (CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917, CVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065) last seen 2020-06-01 modified 2020-06-02 plugin id 75429 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75429 title openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update apache2-mod_php5-2929. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75429); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-0397", "CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1866", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2531", "CVE-2010-2950", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065"); script_name(english:"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)"); script_summary(english:"Check for the apache2-mod_php5-2929 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "PHP was updated to version 5.3.3 to fix serveral security issues. (CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917, CVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=588975" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=604315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=604652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=604654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=604656" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=605097" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=605100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609763" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609768" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=609769" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=612555" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=612556" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=616232" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619486" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619487" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619489" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=633932" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=633934" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=636923" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-09/msg00013.html" ); script_set_attribute( attribute:"solution", value:"Update the affected apache2-mod_php5 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"apache2-mod_php5-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-bcmath-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-bz2-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-calendar-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-ctype-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-curl-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-dba-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-devel-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-dom-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-enchant-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-exif-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-fastcgi-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-fileinfo-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-ftp-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-gd-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-gettext-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-gmp-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-hash-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-iconv-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-imap-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-intl-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-json-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-ldap-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-mbstring-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-mcrypt-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-mysql-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-odbc-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-openssl-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-pcntl-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-pdo-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-pear-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-pgsql-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-phar-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-posix-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-pspell-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-readline-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-shmop-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-snmp-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-soap-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-sockets-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-sqlite-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-suhosin-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvmsg-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvsem-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvshm-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-tidy-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-tokenizer-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-wddx-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlreader-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlrpc-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlwriter-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-xsl-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-zip-5.3.3-0.1.2") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"php5-zlib-5.3.3-0.1.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-7110.NASL description PHP was updated to version 5.2.14 to fix serveral security issues : - CVE-2010-1860 - CVE-2010-1862 - CVE-2010-1864 - CVE-2010-1914 - CVE-2010-1915 - CVE-2010-1917 - CVE-2010-2093 - CVE-2010-2094 - CVE-2010-2097 - CVE-2010-2100 - CVE-2010-2101 - CVE-2010-2190 - CVE-2010-2191 - CVE-2010-2225 - CVE-2010-2484 - CVE-2010-2531 - CVE-2010-3062 - CVE-2010-3063 - CVE-2010-3064 - CVE-2010-3065 last seen 2020-06-01 modified 2020-06-02 plugin id 49830 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49830 title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-06.NASL description The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways. A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56459 published 2011-10-12 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56459 title GLSA-201110-06 : PHP: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP5-100805.NASL description PHP was updated to version 5.2.14 to fix serveral security issues : - CVE-2010-1860 - CVE-2010-1862 - CVE-2010-1864 - CVE-2010-1914 - CVE-2010-1915 - CVE-2010-1917 - CVE-2010-2093 - CVE-2010-2094 - CVE-2010-2097 - CVE-2010-2100 - CVE-2010-2101 - CVE-2010-2190 - CVE-2010-2191 - CVE-2010-2225 - CVE-2010-2484 - CVE-2010-2531 - CVE-2010-3062 - CVE-2010-3063 - CVE-2010-3064 - CVE-2010-3065 last seen 2020-06-01 modified 2020-06-02 plugin id 50890 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50890 title SuSE 11 / 11.1 Security Update : Apache 2 (SAT Patch Numbers 2880 / 2881) NASL family SuSE Local Security Checks NASL id SUSE_11_2_APACHE2-MOD_PHP5-100813.NASL description PHP was updated to version 5.3.3 to fix serveral security issues. (CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917, CVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065) last seen 2020-06-01 modified 2020-06-02 plugin id 49210 published 2010-09-13 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49210 title openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_DA3D381B0EE611E0BECC0022156E8794.NASL description Entry for CVE-2010-2094 says : Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. PECL source code for PHAR extension shares the same code, so it is vulnerable too. last seen 2020-06-01 modified 2020-06-02 plugin id 56499 published 2011-10-14 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56499 title FreeBSD : pecl-phar -- format string vulnerability (da3d381b-0ee6-11e0-becc-0022156e8794) NASL family CGI abuses NASL id PHP_5_3_4.NASL description According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.4. Such versions may be affected by several security issues : - A crash in the zip extract method. - A stack-based buffer overflow in impagepstext() of the GD extension. - An unspecified vulnerability related to symbolic resolution when using a DFS share. - A security bypass vulnerability related to using pathnames containing NULL bytes. (CVE-2006-7243) - Multiple format string vulnerabilities. (CVE-2010-2094, CVE-2010-2950) - An unspecified security bypass vulnerability in open_basedir(). (CVE-2010-3436) - A NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709) - Memory corruption in php_filter_validate_email(). (CVE-2010-3710) - An input validation vulnerability in xml_utf8_decode(). (CVE-2010-3870) - A possible double free in the IMAP extension. (CVE-2010-4150) - An information disclosure vulnerability in last seen 2020-06-01 modified 2020-06-02 plugin id 51140 published 2010-12-13 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51140 title PHP 5.3 < 5.3.4 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-989-1.NASL description Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397) It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. An attacker could exploit this issue to predict values that were intended to be random, such as session cookies. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1128) It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1129) Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1130) Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. An attacker could exploit this issue to cause the PHP server to crash and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-1866) Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly handled empty SQL queries. An attacker could exploit this issue to possibly execute arbitrary code with application privileges. (CVE-2010-1868) Mateusz Kocielski discovered that PHP incorrectly handled certain arguments to the fnmatch function. An attacker could exploit this flaw and cause the PHP server to consume all available stack memory, resulting in a denial of service. (CVE-2010-1917) Stefan Esser discovered that PHP incorrectly handled certain strings in the phar extension. An attacker could exploit this flaw to possibly view sensitive information. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2094, CVE-2010-2950) Stefan Esser discovered that PHP incorrectly handled deserialization of SPLObjectStorage objects. A remote attacker could exploit this issue to view sensitive information and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04, 9.10 and 10.04 LTS. (CVE-2010-2225) It was discovered that PHP incorrectly filtered error messages when limits for memory, execution time, or recursion were exceeded. A remote attacker could exploit this issue to possibly view sensitive information. (CVE-2010-2531) Stefan Esser discovered that the PHP session serializer incorrectly handled the PS_UNDEF_MARKER marker. An attacker could exploit this issue to alter arbitrary session variables. (CVE-2010-3065). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49306 published 2010-09-21 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49306 title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : php5 vulnerabilities (USN-989-1)
References
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html
- http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/index.html
- http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/index.html
- http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/index.html
- http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/index.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:004
- http://www.vupen.com/english/advisories/2011/0068