Vulnerabilities > CVE-2010-4150 - Resource Management Errors vulnerability in PHP

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
php
CWE-399
nessus

Summary

Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_APACHE2-MOD_PHP5-110309.NASL
    descriptionphp5 was updated to fix several security issues. (CVE-2010-3709, CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2010-4699, CVE-2010-4700, CVE-2011-0752, CVE-2011-0753, CVE-2011-0755,CVE-2011-0708, CVE-2011-0420)
    last seen2020-06-01
    modified2020-06-02
    plugin id75431
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75431
    titleopenSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0276-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update apache2-mod_php5-4119.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75431);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2010-3709", "CVE-2010-4150", "CVE-2010-4645", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0420", "CVE-2011-0708", "CVE-2011-0752", "CVE-2011-0753", "CVE-2011-0755");
    
      script_name(english:"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0276-1)");
      script_summary(english:"Check for the apache2-mod_php5-4119 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "php5 was updated to fix several security issues. (CVE-2010-3709,
    CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698,
    CVE-2010-4699, CVE-2010-4700, CVE-2011-0752, CVE-2011-0753,
    CVE-2011-0755,CVE-2011-0708, CVE-2011-0420)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=655968"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=656523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=660102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=662932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=666512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=671710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=672933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00002.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-mod_php5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"apache2-mod_php5-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-bcmath-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-bz2-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-calendar-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-ctype-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-curl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-dba-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-devel-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-dom-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-enchant-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-exif-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-fastcgi-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-fileinfo-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-ftp-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-gd-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-gettext-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-gmp-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-hash-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-iconv-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-imap-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-intl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-json-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-ldap-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-mbstring-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-mcrypt-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-mysql-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-odbc-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-openssl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-pcntl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-pdo-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-pear-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-pgsql-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-phar-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-posix-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-pspell-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-readline-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-shmop-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-snmp-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-soap-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-sockets-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-sqlite-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-suhosin-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvmsg-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvsem-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvshm-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-tidy-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-tokenizer-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-wddx-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlreader-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlrpc-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlwriter-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-xsl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-zip-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"php5-zlib-5.3.3-0.17.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-7375.NASL
    descriptionphp5 was updated to fix several security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id53285
    published2011-04-04
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53285
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 7375)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53285);
      script_version ("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2010-4150", "CVE-2010-4645", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2011-0708", "CVE-2011-0752", "CVE-2011-0753", "CVE-2011-0755");
    
      script_name(english:"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7375)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:"php5 was updated to fix several security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4150.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4645.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4697.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4698.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4699.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0708.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0752.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0753.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0755.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7375.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:3, reference:"apache2-mod_php5-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-bcmath-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-bz2-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-calendar-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-ctype-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-curl-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-dba-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-dbase-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-devel-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-dom-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-exif-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-fastcgi-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-ftp-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-gd-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-gettext-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-gmp-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-hash-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-iconv-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-imap-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-json-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-ldap-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-mbstring-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-mcrypt-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-mhash-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-mysql-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-ncurses-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-odbc-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-openssl-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-pcntl-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-pdo-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-pear-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-pgsql-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-posix-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-pspell-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-shmop-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-snmp-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-soap-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-sockets-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-sqlite-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-suhosin-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvmsg-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvsem-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvshm-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-tokenizer-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-wddx-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-xmlreader-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-xmlrpc-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-xsl-5.2.14-0.14.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"php5-zlib-5.2.14-0.14.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2195.NASL
    descriptionStephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441 ). When upgrading your php5-common package take special care to acceptthe changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable.
    last seen2020-03-17
    modified2011-03-21
    plugin id52719
    published2011-03-21
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52719
    titleDebian DSA-2195-1 : php5 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2195. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52719);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2011-0441");
      script_bugtraq_id(43926, 44605, 44718, 44980);
      script_xref(name:"DSA", value:"2195");
    
      script_name(english:"Debian DSA-2195-1 : php5 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Stephane Chazelas discovered that the cronjob of the PHP 5 package in
    Debian suffers from a race condition which might be used to remove
    arbitrary files from a system (CVE-2011-0441 ).
    
    When upgrading your php5-common package take special care to acceptthe
    changes to the /etc/cron.d/php5 file. Ignoring them would leave the
    system vulnerable."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-4150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/php5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2195"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the php5 packages.
    
    For the oldstable distribution (lenny), this problem has been fixed in
    version 5.2.6.dfsg.1-1+lenny10.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 5.3.3-7+squeeze1.
    
    Additionally, the following vulnerabilities have also been fixed in
    the oldstable distribution (lenny) :
    
      - CVE-2010-3709
        Maksymilian Arciemowicz discovered that the ZipArchive
        class may dereference a NULL pointer when extracting
        comments from a ZIP archive, leading to application
        crash and possible denial of service.
    
      - CVE-2010-3710
    
        Stefan Neufeind discovered that the
        FILTER_VALIDATE_EMAIL filter does not correctly handle
        long, to be validated, strings. Such crafted strings may
        lead to denial of service because of high memory
        consumption and application crash.
    
      - CVE-2010-3870
    
        It was discovered that PHP does not correctly handle
        certain UTF-8 sequences and may be used to bypass XSS
        protections.
    
      - CVE-2010-4150
    
        Mateusz Kocielski discovered that the IMAP extension may
        try to free already freed memory when processing user
        credentials, leading to application crash and possibly
        arbitrary code execution."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"php5", reference:"5.2.6.dfsg.1-1+lenny10")) flag++;
    if (deb_check(release:"6.0", prefix:"libapache2-mod-php5", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"libapache2-mod-php5filter", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php-pear", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-cgi", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-cli", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-common", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-curl", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-dbg", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-dev", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-enchant", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-gd", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-gmp", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-imap", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-interbase", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-intl", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-ldap", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-mcrypt", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-mysql", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-odbc", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-pgsql", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-pspell", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-recode", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-snmp", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-sqlite", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-sybase", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-tidy", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-xmlrpc", reference:"5.3.3-7+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-xsl", reference:"5.3.3-7+squeeze1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1A0704E70EDF11E0BECC0022156E8794.NASL
    descriptionThe following DoS condition in IMAP extension was fixed in PHP 5.3.4 and PHP 5.2.15 : A remote user can send specially crafted IMAP user name or password data to trigger a double free memory error in
    last seen2020-06-01
    modified2020-06-02
    plugin id51503
    published2011-01-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51503
    titleFreeBSD : php-imap -- Denial of Service (1a0704e7-0edf-11e0-becc-0022156e8794)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51503);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:40");
    
      script_cve_id("CVE-2010-4150");
    
      script_name(english:"FreeBSD : php-imap -- Denial of Service (1a0704e7-0edf-11e0-becc-0022156e8794)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following DoS condition in IMAP extension was fixed in PHP 5.3.4
    and PHP 5.2.15 :
    
    A remote user can send specially crafted IMAP user name or password
    data to trigger a double free memory error in 'ext/imap/php_imap.c'
    and cause the target service to crash.
    
    It may be possible to execute arbitrary code. However, code execution
    was not confirmed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.php.net/releases/5_3_4.php"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.php.net/releases/5_2_15.php"
      );
      # https://vuxml.freebsd.org/freebsd/1a0704e7-0edf-11e0-becc-0022156e8794.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8f03aa4b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php52-imap");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"php5-imap<5.3.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php52-imap<5.2.15")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_APACHE2-MOD_PHP5-110309.NASL
    descriptionphp5 was updated to fix several security issues. (CVE-2010-3709, CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2010-4699, CVE-2010-4700, CVE-2011-0752, CVE-2011-0753, CVE-2011-0755,CVE-2011-0708, CVE-2011-0420)
    last seen2020-06-01
    modified2020-06-02
    plugin id53695
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53695
    titleopenSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0276-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update apache2-mod_php5-4119.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53695);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:40");
    
      script_cve_id("CVE-2010-3709", "CVE-2010-4150", "CVE-2010-4645", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0420", "CVE-2011-0708", "CVE-2011-0752", "CVE-2011-0753", "CVE-2011-0755");
    
      script_name(english:"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0276-1)");
      script_summary(english:"Check for the apache2-mod_php5-4119 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "php5 was updated to fix several security issues. (CVE-2010-3709,
    CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698,
    CVE-2010-4699, CVE-2010-4700, CVE-2011-0752, CVE-2011-0753,
    CVE-2011-0755,CVE-2011-0708, CVE-2011-0420)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=655968"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=656523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=660102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=662932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=666512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=671710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=672933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00002.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-mod_php5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"apache2-mod_php5-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-bcmath-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-bz2-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-calendar-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-ctype-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-curl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-dba-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-devel-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-dom-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-enchant-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-exif-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-fastcgi-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-fileinfo-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-ftp-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-gd-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-gettext-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-gmp-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-hash-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-iconv-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-imap-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-intl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-json-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-ldap-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-mbstring-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-mcrypt-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-mysql-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-odbc-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-openssl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-pcntl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-pdo-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-pear-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-pgsql-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-phar-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-posix-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-pspell-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-readline-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-shmop-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-snmp-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-soap-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-sockets-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-sqlite-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-suhosin-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-sysvmsg-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-sysvsem-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-sysvshm-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-tidy-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-tokenizer-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-wddx-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-xmlreader-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-xmlrpc-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-xmlwriter-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-xsl-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-zip-5.3.3-0.17.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"php5-zlib-5.3.3-0.17.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways. A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56459
    published2011-10-12
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56459
    titleGLSA-201110-06 : PHP: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201110-06.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56459);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2006-7243", "CVE-2009-5016", "CVE-2010-1128", "CVE-2010-1129", "CVE-2010-1130", "CVE-2010-1860", "CVE-2010-1861", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1866", "CVE-2010-1868", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-2950", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4150", "CVE-2010-4409", "CVE-2010-4645", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2010-4700", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-0752", "CVE-2011-0753", "CVE-2011-0755", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3267", "CVE-2011-3268");
      script_xref(name:"GLSA", value:"201110-06");
    
      script_name(english:"GLSA-201110-06 : PHP: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201110-06
    (PHP: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in PHP. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A context-dependent attacker could execute arbitrary code, obtain
          sensitive information from process memory, bypass intended access
          restrictions, or cause a Denial of Service in various ways.
        A remote attacker could cause a Denial of Service in various ways,
          bypass spam detections, or bypass open_basedir restrictions.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201110-06"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All PHP users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.8'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.3.8"), vulnerable:make_list("lt 5.3.8"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-7393.NASL
    descriptionPHP5 was updated to fix several security issues. (CVE-2010-4150 / CVE-2010-4645 / CVE-2010-4697 / CVE-2010-4698 / CVE-2010-4699 / CVE-2011-0708 / CVE-2011-0752 / CVE-2011-0753 / CVE-2011-0755)
    last seen2020-06-01
    modified2020-06-02
    plugin id57157
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57157
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 7393)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-18976.NASL
    descriptionSecurity Enhancements and Fixes in PHP 5.3.4 : - Fixed crash in zip extract method (possible CWE-170). - Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). - Fixed possible flaw in open_basedir (CVE-2010-3436). - Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). - Fixed symbolic resolution support when the target is a DFS share. - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). Key Bug Fixes in PHP 5.3.4 include : - Added stat support for zip stream. - Added follow_location (enabled by default) option for the http stream support. - Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. Full upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4 This update also provides php-eaccelerator and maniadrive packages rebuild against update php. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51412
    published2011-01-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51412
    titleFedora 14 : maniadrive-1.2-23.fc14 / php-5.3.4-1.fc14.1 / php-eaccelerator-0.9.6.1-3.fc14 (2010-18976)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-357-01.NASL
    descriptionNew php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51371
    published2010-12-26
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51371
    titleSlackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : php (SSA:2010-357-01)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B2A6FC0E070F11E0A6E900215C6A37BB.NASL
    descriptionThe following package needs to be updated: php52
    last seen2016-09-26
    modified2011-10-03
    plugin id51152
    published2010-12-14
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=51152
    titleFreeBSD : php -- multiple vulnerabilities (5353)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-239.NASL
    descriptionA possible double free flaw was found in the imap extension for php (CVE-2010-4150). A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that under certain circumstances could cause a segmention fault (crash). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50667
    published2010-11-22
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50667
    titleMandriva Linux Security Advisory : php (MDVSA-2010:239)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-254.NASL
    descriptionThis is a maintenance and security update that upgrades php to 5.3.4 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.4 : - Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). - Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values) (CVE-2010-4409) Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories. Key Bug Fixes in PHP 5.3.4 include : - Added stat support for zip stream. - Added follow_location (enabled by default) option for the http stream support. - Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. - Multiple improvements to the FPM SAPI. - Over 100 other bug fixes. Additional post 5.3.4 fixes : - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). - Fixed bug #53541 (format string bug in ext/phar). Additionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version.
    last seen2020-06-01
    modified2020-06-02
    plugin id51196
    published2010-12-16
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51196
    titleMandriva Linux Security Advisory : php (MDVSA-2010:254)
  • NASL familyCGI abuses
    NASL idPHP_5_2_15.NASL
    descriptionAccording to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.15. Such versions may be affected by several security issues : - A crash in the zip extract method. - A possible double free exists in the imap extension. (CVE-2010-4150) - An unspecified flaw exists in
    last seen2020-06-01
    modified2020-06-02
    plugin id51139
    published2010-12-13
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51139
    titlePHP 5.2 < 5.2.15 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-19011.NASL
    descriptionSecurity Enhancements and Fixes in PHP 5.3.4 : - Fixed crash in zip extract method (possible CWE-170). - Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). - Fixed possible flaw in open_basedir (CVE-2010-3436). - Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). - Fixed symbolic resolution support when the target is a DFS share. - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). Key Bug Fixes in PHP 5.3.4 include : - Added stat support for zip stream. - Added follow_location (enabled by default) option for the http stream support. - Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. Full upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4 This update also provides php-eaccelerator and maniadrive packages rebuild against update php. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51413
    published2011-01-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51413
    titleFedora 13 : maniadrive-1.2-23.fc13 / php-5.3.4-1.fc13.1 / php-eaccelerator-0.9.6.1-3.fc13 (2010-19011)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_7.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id52754
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52754
    titleMac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idPHP_5_3_4.NASL
    descriptionAccording to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.4. Such versions may be affected by several security issues : - A crash in the zip extract method. - A stack-based buffer overflow in impagepstext() of the GD extension. - An unspecified vulnerability related to symbolic resolution when using a DFS share. - A security bypass vulnerability related to using pathnames containing NULL bytes. (CVE-2006-7243) - Multiple format string vulnerabilities. (CVE-2010-2094, CVE-2010-2950) - An unspecified security bypass vulnerability in open_basedir(). (CVE-2010-3436) - A NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709) - Memory corruption in php_filter_validate_email(). (CVE-2010-3710) - An input validation vulnerability in xml_utf8_decode(). (CVE-2010-3870) - A possible double free in the IMAP extension. (CVE-2010-4150) - An information disclosure vulnerability in
    last seen2020-06-01
    modified2020-06-02
    plugin id51140
    published2010-12-13
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51140
    titlePHP 5.3 < 5.3.4 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id52753
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52753
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-001)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP5-110310.NASL
    descriptionPHP5 was updated to fix several security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id53282
    published2011-04-04
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53282
    titleSuSE 11.1 Security Update : PHP5 (SAT Patch Number 4133)

Oval

accepted2011-05-02T04:00:07.444-04:00
classvulnerability
contributors
nameSecPod Team
organizationSecPod Technologies
definition_extensions
commentPHP is installed
ovaloval:org.mitre.oval:def:12410
descriptionDouble free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
familywindows
idoval:org.mitre.oval:def:12489
statusaccepted
submitted2011-03-22T16:21:49
titleDenial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extension
version4