Vulnerabilities > CVE-2012-0807 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hardened-PHP Suhosin
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-065.NASL description Multiple vulnerabilities has been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server (CVE-2012-0788). Note: this was fixed with php-5.3.10 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed with php-5.3.10 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c (CVE-2012-0831). Insufficient validating of upload name leading to corrupted $_FILES indices (CVE-2012-1172). The updated php packages have been upgraded to 5.3.11 which is not vulnerable to these issues. Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header (CVE-2012-0807). The php-suhosin packages has been upgraded to the 0.9.33 version which is not affected by this issue. Additionally some of the PECL extensions has been upgraded to their latest respective versions which resolves various upstream bugs. last seen 2020-06-01 modified 2020-06-02 plugin id 58890 published 2012-04-27 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58890 title Mandriva Linux Security Advisory : php (MDVSA-2012:065) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2012:065. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(58890); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2012-0788", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831", "CVE-2012-1172"); script_bugtraq_id(51574, 51830, 51952, 51954, 53403); script_xref(name:"MDVSA", value:"2012:065"); script_name(english:"Mandriva Linux Security Advisory : php (MDVSA-2012:065)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server (CVE-2012-0788). Note: this was fixed with php-5.3.10 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed with php-5.3.10 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c (CVE-2012-0831). Insufficient validating of upload name leading to corrupted $_FILES indices (CVE-2012-1172). The updated php packages have been upgraded to 5.3.11 which is not vulnerable to these issues. Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header (CVE-2012-0807). The php-suhosin packages has been upgraded to the 0.9.33 version which is not affected by this issue. Additionally some of the PECL extensions has been upgraded to their latest respective versions which resolves various upstream bugs." ); script_set_attribute( attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.3.10" ); script_set_attribute( attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.3.11" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-filter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-hash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mailparse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ssh2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sybase_ct"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-timezonedb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-vld"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xdebug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2010.1", reference:"apache-mod_php-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64php5_common5-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libphp5_common5-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-bcmath-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-bz2-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-calendar-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-cgi-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-cli-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-ctype-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-curl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-dba-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-devel-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-doc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-dom-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-enchant-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-exif-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-fileinfo-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-filter-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-fpm-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-ftp-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-gd-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-gettext-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-gmp-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-hash-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-iconv-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-imap-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-ini-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-intl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-json-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-ldap-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-mailparse-2.1.6-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-mbstring-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-mcrypt-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-mssql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-mysql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-mysqli-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-mysqlnd-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-odbc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-openssl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pcntl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pdo-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pdo_dblib-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pdo_mysql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pdo_odbc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pdo_pgsql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pdo_sqlite-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pgsql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-phar-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-posix-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-pspell-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-readline-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-recode-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-session-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-shmop-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-snmp-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-soap-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-sockets-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-sqlite-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-sqlite3-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-ssh2-0.11.3-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-suhosin-0.9.33-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-sybase_ct-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-sysvmsg-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-sysvsem-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-sysvshm-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-tidy-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-timezonedb-2012.3-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-tokenizer-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-vld-0.11.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-wddx-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-xdebug-2.1.4-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-xml-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-xmlreader-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-xmlrpc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-xmlwriter-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-xsl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-zip-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"php-zlib-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"apache-mod_php-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64php5_common5-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libphp5_common5-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-bcmath-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-bz2-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-calendar-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-cgi-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-cli-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ctype-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-curl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-dba-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-devel-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-doc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-dom-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-enchant-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-exif-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-fileinfo-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-filter-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-fpm-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ftp-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-gd-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-gettext-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-gmp-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-hash-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-iconv-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-imap-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ini-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-intl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-json-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ldap-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mailparse-2.1.6-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mbstring-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mcrypt-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mssql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mysql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mysqli-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mysqlnd-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-odbc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-openssl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pcntl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_dblib-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_mysql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_odbc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_pgsql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_sqlite-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pgsql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-phar-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-posix-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pspell-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-readline-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-recode-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-session-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-shmop-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-snmp-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-soap-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sockets-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sqlite-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sqlite3-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ssh2-0.11.3-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-suhosin-0.9.33-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sybase_ct-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sysvmsg-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sysvsem-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sysvshm-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-tidy-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-timezonedb-2012.3-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-tokenizer-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-vld-0.11.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-wddx-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xdebug-2.1.4-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xml-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xmlreader-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xmlrpc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xmlwriter-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xsl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-zip-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-zlib-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-10.NASL description The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79963 published 2014-12-15 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79963 title GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-10. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(79963); script_version("1.5"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2008-4776", "CVE-2010-2713", "CVE-2010-3313", "CVE-2010-3314", "CVE-2011-0765", "CVE-2011-2198", "CVE-2012-0807", "CVE-2012-0808", "CVE-2012-1620", "CVE-2012-2738", "CVE-2012-3448"); script_bugtraq_id(41716, 46477, 48645, 51574, 52642, 52922, 54281, 54699); script_xref(name:"GLSA", value:"201412-10"); script_name(english:"GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-10" ); script_set_attribute( attribute:"solution", value: "All EGroupware users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/egroupware-1.8.004.20120613' All VTE 0.32 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.32.2' All VTE 0.28 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.28.2-r204' All Layer Four Traceroute users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/lft-3.33' All Suhosin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/suhosin-0.9.33' All Slock users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-misc/slock-1.0' All Ganglia users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-cluster/ganglia-3.3.7' All Jabber to GaduGadu Gateway users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-im/gg-transport-2.2.4' NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:egroupware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ganglia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gg-transport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:lft"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:slock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vte"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-php/suhosin", unaffected:make_list("ge 0.9.33"), vulnerable:make_list("lt 0.9.33"))) flag++; if (qpkg_check(package:"net-analyzer/lft", unaffected:make_list("ge 3.33"), vulnerable:make_list("lt 3.33"))) flag++; if (qpkg_check(package:"x11-libs/vte", unaffected:make_list("ge 0.32.2", "rge 0.28.2-r204", "rge 0.28.2-r206"), vulnerable:make_list("lt 0.32.2"))) flag++; if (qpkg_check(package:"net-im/gg-transport", unaffected:make_list("ge 2.2.4"), vulnerable:make_list("lt 2.2.4"))) flag++; if (qpkg_check(package:"sys-cluster/ganglia", unaffected:make_list("ge 3.3.7"), vulnerable:make_list("lt 3.3.7"))) flag++; if (qpkg_check(package:"x11-misc/slock", unaffected:make_list("ge 1.0"), vulnerable:make_list("lt 1.0"))) flag++; if (qpkg_check(package:"www-apps/egroupware", unaffected:make_list("ge 1.8.004.20120613"), vulnerable:make_list("lt 1.8.004.20120613"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dev-php/suhosin / net-analyzer/lft / x11-libs/vte / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-8009.NASL description This update of php5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in php5 last seen 2020-06-05 modified 2012-03-26 plugin id 58480 published 2012-03-26 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58480 title SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(58480); script_version ("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-4153", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831"); script_xref(name:"TRA", value:"TRA-2012-01"); script_name(english:"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update of php5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4885.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0057.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0781.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0788.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0789.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0807.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0830.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0831.html" ); script_set_attribute( attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2012-01" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8009."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:4, reference:"apache2-mod_php5-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-bcmath-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-bz2-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-calendar-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ctype-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-curl-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-dba-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-dbase-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-devel-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-dom-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-exif-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-fastcgi-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ftp-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-gd-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-gettext-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-gmp-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-hash-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-iconv-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-imap-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-json-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ldap-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mbstring-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mcrypt-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mhash-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mysql-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ncurses-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-odbc-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-openssl-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pcntl-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pdo-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pear-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pgsql-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-posix-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pspell-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-shmop-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-snmp-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-soap-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sockets-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sqlite-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-suhosin-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvmsg-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvsem-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvshm-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-tokenizer-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-wddx-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlreader-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlrpc-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-xsl-5.2.14-0.26.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-zlib-5.2.14-0.26.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP53-120309.NASL description This update of PHP5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - a stack-based buffer overflow in php5 last seen 2020-06-05 modified 2012-04-06 plugin id 58615 published 2012-04-06 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58615 title SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(58615); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0807", "CVE-2012-0831"); script_name(english:"SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update of PHP5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741859" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749111" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0057.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0807.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0831.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5958."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLES11", sp:2, reference:"apache2-mod_php53-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-bcmath-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-bz2-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-calendar-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-ctype-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-curl-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-dba-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-dom-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-exif-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-fastcgi-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-fileinfo-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-ftp-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-gd-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-gettext-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-gmp-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-iconv-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-intl-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-json-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-ldap-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-mbstring-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-mcrypt-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-mysql-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-odbc-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-openssl-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-pcntl-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-pdo-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-pear-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-pgsql-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-pspell-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-shmop-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-snmp-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-soap-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-suhosin-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-sysvmsg-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-sysvsem-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-sysvshm-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-tokenizer-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-wddx-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-xmlreader-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-xmlrpc-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-xmlwriter-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-xsl-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-zip-5.3.8-0.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"php53-zlib-5.3.8-0.23.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-182.NASL description php5 security update last seen 2020-06-05 modified 2014-06-13 plugin id 74580 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74580 title openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-182. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74580); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-1466", "CVE-2011-4153", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831"); script_xref(name:"TRA", value:"TRA-2012-01"); script_name(english:"openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)"); script_summary(english:"Check for the openSUSE-2012-182 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute(attribute:"description", value:"php5 security update"); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=728671" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=733590" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=736169" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=738221" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741859" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742273" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749111" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-03/msg00047.html" ); script_set_attribute( attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2012-01" ); script_set_attribute(attribute:"solution", value:"Update the affected php5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/19"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"apache2-mod_php5-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-mod_php5-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bcmath-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bcmath-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bz2-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bz2-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-calendar-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-calendar-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ctype-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ctype-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-curl-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-curl-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dba-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dba-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-debugsource-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-devel-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dom-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dom-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-enchant-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-enchant-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-exif-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-exif-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fastcgi-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fastcgi-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fileinfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fileinfo-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fpm-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fpm-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ftp-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ftp-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gd-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gd-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gettext-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gettext-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gmp-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gmp-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-iconv-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-iconv-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-imap-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-imap-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-intl-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-intl-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-json-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-json-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ldap-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ldap-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mbstring-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mbstring-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mcrypt-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mcrypt-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mssql-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mssql-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mysql-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mysql-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-odbc-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-odbc-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-openssl-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-openssl-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pcntl-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pcntl-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pdo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pdo-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pear-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pgsql-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pgsql-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-phar-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-phar-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-posix-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-posix-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pspell-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pspell-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-readline-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-readline-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-shmop-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-shmop-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-snmp-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-snmp-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-soap-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-soap-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sockets-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sockets-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sqlite-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sqlite-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-suhosin-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-suhosin-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvmsg-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvmsg-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvsem-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvsem-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvshm-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvshm-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tidy-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tidy-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tokenizer-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tokenizer-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-wddx-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-wddx-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlreader-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlreader-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlrpc-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlrpc-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlwriter-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlwriter-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xsl-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xsl-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zip-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zip-debuginfo-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zlib-5.3.8-4.9.2") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zlib-debuginfo-5.3.8-4.9.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP5-120309.NASL description This update of php5 fixes multiple security flaws : - A php5 upload filename injection was fixed. (CVE-2011-2202) - A integer overflow in the EXIF extension was fixed that could be used by attackers to crash the interpreter or potentially read memory. (CVE-2011-4566) - Multiple NULL pointer dereferences were fixed that could lead to crashes. (CVE-2011-3182) - An integer overflow in the PHP calendar extension was fixed that could have led to crashes. (CVE-2011-1466) - A symlink vulnerability in the PEAR installer could be exploited by local attackers to inject code. (CVE-2011-1072) - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in the php5 Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831) Also the following bugs have been fixed : - allow uploading files bigger than 2GB for 64bit systems [bnc#709549] - amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671] last seen 2020-06-05 modified 2012-04-13 plugin id 58740 published 2012-04-13 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58740 title SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(58740); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-1072", "CVE-2011-1466", "CVE-2011-2202", "CVE-2011-3182", "CVE-2011-4153", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831"); script_name(english:"SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update of php5 fixes multiple security flaws : - A php5 upload filename injection was fixed. (CVE-2011-2202) - A integer overflow in the EXIF extension was fixed that could be used by attackers to crash the interpreter or potentially read memory. (CVE-2011-4566) - Multiple NULL pointer dereferences were fixed that could lead to crashes. (CVE-2011-3182) - An integer overflow in the PHP calendar extension was fixed that could have led to crashes. (CVE-2011-1466) - A symlink vulnerability in the PEAR installer could be exploited by local attackers to inject code. (CVE-2011-1072) - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in the php5 Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831) Also the following bugs have been fixed : - allow uploading files bigger than 2GB for 64bit systems [bnc#709549] - amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=699711" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=709549" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=713652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=728671" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=733590" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=735613" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=736169" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=738221" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741859" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742273" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749111" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1072.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1466.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2202.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-3182.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4566.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4885.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0057.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0781.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0788.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0789.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0807.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0830.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0831.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5964."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-hash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLES11", sp:1, reference:"apache2-mod_php5-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-bcmath-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-bz2-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-calendar-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-ctype-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-curl-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-dba-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-dbase-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-dom-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-exif-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-fastcgi-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-ftp-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-gd-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-gettext-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-gmp-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-hash-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-iconv-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-json-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-ldap-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-mbstring-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-mcrypt-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-mysql-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-odbc-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-openssl-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pcntl-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pdo-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pear-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pgsql-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pspell-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-shmop-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-snmp-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-soap-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-suhosin-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvmsg-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvsem-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvshm-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-tokenizer-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-wddx-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlreader-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlrpc-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlwriter-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xsl-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-zip-5.2.14-0.7.30.34.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-zlib-5.2.14-0.7.30.34.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0296.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
- http://secunia.com/advisories/48668
- http://www.openwall.com/lists/oss-security/2012/01/24/11
- http://www.openwall.com/lists/oss-security/2012/01/24/7
- https://bugzilla.redhat.com/show_bug.cgi?id=783350
- https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
- http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0296.html
- https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
- https://bugzilla.redhat.com/show_bug.cgi?id=783350
- http://www.openwall.com/lists/oss-security/2012/01/24/7
- http://www.openwall.com/lists/oss-security/2012/01/24/11
- http://secunia.com/advisories/48668
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html