Vulnerabilities > CVE-2012-0807 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hardened-PHP Suhosin

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
hardened-php
CWE-119
nessus
NVD
Published: 2012-01-27
Updated: 2018-01-18

Summary

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

Vulnerable Configurations

Part Description Count
Application
Hardened-Php
40

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-065.NASL
    descriptionMultiple vulnerabilities has been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server (CVE-2012-0788). Note: this was fixed with php-5.3.10 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed with php-5.3.10 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c (CVE-2012-0831). Insufficient validating of upload name leading to corrupted $_FILES indices (CVE-2012-1172). The updated php packages have been upgraded to 5.3.11 which is not vulnerable to these issues. Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header (CVE-2012-0807). The php-suhosin packages has been upgraded to the 0.9.33 version which is not affected by this issue. Additionally some of the PECL extensions has been upgraded to their latest respective versions which resolves various upstream bugs.
    last seen2020-06-01
    modified2020-06-02
    plugin id58890
    published2012-04-27
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58890
    titleMandriva Linux Security Advisory : php (MDVSA-2012:065)
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:065. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(58890);
  script_version("1.10");
  script_cvs_date("Date: 2019/08/02 13:32:54");

  script_cve_id("CVE-2012-0788", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831", "CVE-2012-1172");
  script_bugtraq_id(51574, 51830, 51952, 51954, 53403);
  script_xref(name:"MDVSA", value:"2012:065");

  script_name(english:"Mandriva Linux Security Advisory : php (MDVSA-2012:065)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been identified and fixed in php :

The PDORow implementation in PHP before 5.3.9 does not properly
interact with the session feature, which allows remote attackers to
cause a denial of service (application crash) via a crafted
application that uses a PDO driver for a fetch and then calls the
session_start function, as demonstrated by a crash of the Apache HTTP
Server (CVE-2012-0788). Note: this was fixed with php-5.3.10

The php_register_variable_ex function in php_variables.c in PHP 5.3.9
allows remote attackers to execute arbitrary code via a request
containing a large number of variables, related to improper handling
of array variables. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed
with php-5.3.10

PHP before 5.3.10 does not properly perform a temporary change to the
magic_quotes_gpc directive during the importing of environment
variables, which makes it easier for remote attackers to conduct SQL
injection attacks via a crafted request, related to
main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c
(CVE-2012-0831).

Insufficient validating of upload name leading to corrupted $_FILES
indices (CVE-2012-1172).

The updated php packages have been upgraded to 5.3.11 which is not
vulnerable to these issues.

Stack-based buffer overflow in the suhosin_encrypt_single_cookie
function in the transparent cookie-encryption feature in the Suhosin
extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and
suhosin.multiheader are enabled, might allow remote attackers to
execute arbitrary code via a long string that is used in a Set-Cookie
HTTP header (CVE-2012-0807). The php-suhosin packages has been
upgraded to the 0.9.33 version which is not affected by this issue.

Additionally some of the PECL extensions has been upgraded to their
latest respective versions which resolves various upstream bugs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net/ChangeLog-5.php#5.3.10"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net/ChangeLog-5.php#5.3.11"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-hash");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mailparse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ssh2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sybase_ct");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-timezonedb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-vld");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xdebug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_php-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64php5_common5-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libphp5_common5-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-bcmath-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-bz2-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-calendar-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-cgi-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-cli-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-ctype-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-curl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-dba-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-devel-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-doc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-dom-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-enchant-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-exif-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-fileinfo-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-filter-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-fpm-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-ftp-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-gd-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-gettext-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-gmp-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-hash-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-iconv-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-imap-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-ini-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-intl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-json-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-ldap-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-mailparse-2.1.6-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-mbstring-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-mcrypt-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-mssql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-mysql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-mysqli-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-mysqlnd-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-odbc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-openssl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pcntl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pdo-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pdo_dblib-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pdo_mysql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pdo_odbc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pdo_pgsql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pdo_sqlite-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pgsql-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-phar-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-posix-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-pspell-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-readline-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-recode-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-session-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-shmop-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-snmp-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-soap-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-sockets-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-sqlite-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-sqlite3-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-ssh2-0.11.3-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-suhosin-0.9.33-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-sybase_ct-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-sysvmsg-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-sysvsem-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-sysvshm-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-tidy-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-timezonedb-2012.3-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-tokenizer-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-vld-0.11.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-wddx-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-xdebug-2.1.4-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-xml-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-xmlreader-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-xmlrpc-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-xmlwriter-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-xsl-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-zip-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"php-zlib-5.3.11-0.1mdv2010.2", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2011", reference:"apache-mod_php-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64php5_common5-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libphp5_common5-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-bcmath-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-bz2-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-calendar-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-cgi-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-cli-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-ctype-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-curl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-dba-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-devel-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-doc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-dom-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-enchant-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-exif-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-fileinfo-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-filter-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-fpm-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-ftp-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-gd-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-gettext-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-gmp-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-hash-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-iconv-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-imap-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-ini-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-intl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-json-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-ldap-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-mailparse-2.1.6-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-mbstring-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-mcrypt-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-mssql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-mysql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-mysqli-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-mysqlnd-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-odbc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-openssl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pcntl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pdo-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pdo_dblib-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pdo_mysql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pdo_odbc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pdo_pgsql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pdo_sqlite-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pgsql-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-phar-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-posix-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-pspell-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-readline-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-recode-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-session-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-shmop-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-snmp-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-soap-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-sockets-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-sqlite-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-sqlite3-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-ssh2-0.11.3-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-suhosin-0.9.33-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-sybase_ct-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-sysvmsg-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-sysvsem-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-sysvshm-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-tidy-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-timezonedb-2012.3-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-tokenizer-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-vld-0.11.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-wddx-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-xdebug-2.1.4-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-xml-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-xmlreader-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-xmlrpc-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-xmlwriter-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-xsl-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-zip-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"php-zlib-5.3.11-0.1-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79963
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79963
    titleGLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201412-10.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(79963);
  script_version("1.5");
  script_cvs_date("Date: 2019/08/12 17:35:38");

  script_cve_id("CVE-2008-4776", "CVE-2010-2713", "CVE-2010-3313", "CVE-2010-3314", "CVE-2011-0765", "CVE-2011-2198", "CVE-2012-0807", "CVE-2012-0808", "CVE-2012-1620", "CVE-2012-2738", "CVE-2012-3448");
  script_bugtraq_id(41716, 46477, 48645, 51574, 52642, 52922, 54281, 54699);
  script_xref(name:"GLSA", value:"201412-10");

  script_name(english:"GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201412-10
(Multiple packages, Multiple vulnerabilities fixed in 2012)

    Vulnerabilities have been discovered in the packages listed below.
      Please review the CVE identifiers in the Reference section for details.
      EGroupware
      VTE
      Layer Four Traceroute (LFT)
      Suhosin
      Slock
      Ganglia
      Jabber to GaduGadu Gateway
  
Impact :

    A context-dependent attacker may be able to gain escalated privileges,
      execute arbitrary code, cause Denial of Service, obtain sensitive
      information, or otherwise bypass security restrictions.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201412-10"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All EGroupware users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-apps/egroupware-1.8.004.20120613'
    All VTE 0.32 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.32.2'
    All VTE 0.28 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.28.2-r204'
    All Layer Four Traceroute users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-analyzer/lft-3.33'
    All Suhosin users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-php/suhosin-0.9.33'
    All Slock users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=x11-misc/slock-1.0'
    All Ganglia users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=sys-cluster/ganglia-3.3.7'
    All Jabber to GaduGadu Gateway users should upgrade to the latest
      version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-im/gg-transport-2.2.4'
    NOTE: This is a legacy GLSA. Updates for all affected architectures have
      been available since 2013. It is likely that your system is already no
      longer affected by these issues."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:egroupware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ganglia");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gg-transport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:lft");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:slock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vte");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-php/suhosin", unaffected:make_list("ge 0.9.33"), vulnerable:make_list("lt 0.9.33"))) flag++;
if (qpkg_check(package:"net-analyzer/lft", unaffected:make_list("ge 3.33"), vulnerable:make_list("lt 3.33"))) flag++;
if (qpkg_check(package:"x11-libs/vte", unaffected:make_list("ge 0.32.2", "rge 0.28.2-r204", "rge 0.28.2-r206"), vulnerable:make_list("lt 0.32.2"))) flag++;
if (qpkg_check(package:"net-im/gg-transport", unaffected:make_list("ge 2.2.4"), vulnerable:make_list("lt 2.2.4"))) flag++;
if (qpkg_check(package:"sys-cluster/ganglia", unaffected:make_list("ge 3.3.7"), vulnerable:make_list("lt 3.3.7"))) flag++;
if (qpkg_check(package:"x11-misc/slock", unaffected:make_list("ge 1.0"), vulnerable:make_list("lt 1.0"))) flag++;
if (qpkg_check(package:"www-apps/egroupware", unaffected:make_list("ge 1.8.004.20120613"), vulnerable:make_list("lt 1.8.004.20120613"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dev-php/suhosin / net-analyzer/lft / x11-libs/vte / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-8009.NASL
    descriptionThis update of php5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in php5
    last seen2020-06-05
    modified2012-03-26
    plugin id58480
    published2012-03-26
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58480
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(58480);
  script_version ("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2011-4153", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831");
  script_xref(name:"TRA", value:"TRA-2012-01");

  script_name(english:"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of php5 fixes multiple security flaws :

  - missing checks of return values could allow remote
    attackers to cause a denial of service (NULL pointer
    dereference). (CVE-2011-4153)

  - denial of service via hash collisions. (CVE-2011-4885)

  - specially crafted XSLT stylesheets could allow remote
    attackers to create arbitrary files with arbitrary
    content. (CVE-2012-0057)

  - remote attackers can cause a denial of service via
    specially crafted input to an application that attempts
    to perform Tidy::diagnose operations. (CVE-2012-0781)

  - applications that use a PDO driver were prone to denial
    of service flaws which could be exploited remotely.
    (CVE-2012-0788)

  - memory leak in the timezone functionality could allow
    remote attackers to cause a denial of service (memory
    consumption). (CVE-2012-0789)

  - a stack-based buffer overflow in php5's Suhosin
    extension could allow remote attackers to execute
    arbitrary code via a long string that is used in a
    Set-Cookie HTTP header. (CVE-2012-0807)

  - this fixes an incorrect fix for CVE-2011-4885 which
    could allow remote attackers to execute arbitrary code
    via a request containing a large number of variables.
    (CVE-2012-0830)

  - temporary changes to the magic_quotes_gpc directive
    during the importing of environment variables is not
    properly performed which makes it easier for remote
    attackers to conduct SQL injections. (CVE-2012-0831)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4153.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4885.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0057.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0781.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0788.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0789.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0807.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0830.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0831.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.tenable.com/security/research/tra-2012-01"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8009.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLES10", sp:4, reference:"apache2-mod_php5-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-bcmath-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-bz2-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-calendar-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-ctype-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-curl-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-dba-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-dbase-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-devel-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-dom-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-exif-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-fastcgi-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-ftp-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-gd-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-gettext-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-gmp-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-hash-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-iconv-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-imap-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-json-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-ldap-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-mbstring-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-mcrypt-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-mhash-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-mysql-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-ncurses-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-odbc-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-openssl-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-pcntl-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-pdo-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-pear-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-pgsql-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-posix-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-pspell-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-shmop-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-snmp-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-soap-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-sockets-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-sqlite-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-suhosin-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvmsg-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvsem-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvshm-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-tokenizer-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-wddx-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlreader-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlrpc-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-xsl-5.2.14-0.26.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"php5-zlib-5.2.14-0.26.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP53-120309.NASL
    descriptionThis update of PHP5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - a stack-based buffer overflow in php5
    last seen2020-06-05
    modified2012-04-06
    plugin id58615
    published2012-04-06
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58615
    titleSuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(58615);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0807", "CVE-2012-0831");

  script_name(english:"SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of PHP5 fixes multiple security flaws :

  - missing checks of return values could allow remote
    attackers to cause a denial of service (NULL pointer
    dereference). (CVE-2011-4153)

  - specially crafted XSLT stylesheets could allow remote
    attackers to create arbitrary files with arbitrary
    content. (CVE-2012-0057)

  - a stack-based buffer overflow in php5's Suhosin
    extension could allow remote attackers to execute
    arbitrary code via a long string that is used in a
    Set-Cookie HTTP header. (CVE-2012-0807)

  - temporary changes to the magic_quotes_gpc directive
    during the importing of environment variables is not
    properly performed which makes it easier for remote
    attackers to conduct SQL injections. (CVE-2012-0831)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=741520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=741859"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=743308"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=746661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=749111"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4153.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0057.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0807.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0831.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5958.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");


flag = 0;
if (rpm_check(release:"SLES11", sp:2, reference:"apache2-mod_php53-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-bcmath-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-bz2-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-calendar-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-ctype-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-curl-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-dba-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-dom-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-exif-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-fastcgi-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-fileinfo-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-ftp-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-gd-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-gettext-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-gmp-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-iconv-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-intl-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-json-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-ldap-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-mbstring-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-mcrypt-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-mysql-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-odbc-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-openssl-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-pcntl-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-pdo-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-pear-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-pgsql-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-pspell-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-shmop-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-snmp-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-soap-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-suhosin-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-sysvmsg-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-sysvsem-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-sysvshm-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-tokenizer-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-wddx-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-xmlreader-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-xmlrpc-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-xmlwriter-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-xsl-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-zip-5.3.8-0.23.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"php53-zlib-5.3.8-0.23.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-182.NASL
    descriptionphp5 security update
    last seen2020-06-05
    modified2014-06-13
    plugin id74580
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74580
    titleopenSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-182.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(74580);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2011-1466", "CVE-2011-4153", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831");
  script_xref(name:"TRA", value:"TRA-2012-01");

  script_name(english:"openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)");
  script_summary(english:"Check for the openSUSE-2012-182 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(attribute:"description", value:"php5 security update");
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=728671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=733590"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=736169"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=738221"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=741520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=741859"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=742273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=742806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=743308"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=744966"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=746661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=749111"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-03/msg00047.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.tenable.com/security/research/tra-2012-01"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"apache2-mod_php5-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"apache2-mod_php5-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-bcmath-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-bcmath-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-bz2-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-bz2-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-calendar-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-calendar-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-ctype-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-ctype-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-curl-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-curl-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-dba-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-dba-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-debugsource-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-devel-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-dom-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-dom-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-enchant-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-enchant-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-exif-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-exif-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-fastcgi-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-fastcgi-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-fileinfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-fileinfo-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-fpm-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-fpm-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-ftp-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-ftp-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-gd-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-gd-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-gettext-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-gettext-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-gmp-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-gmp-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-iconv-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-iconv-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-imap-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-imap-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-intl-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-intl-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-json-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-json-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-ldap-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-ldap-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mbstring-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mbstring-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mcrypt-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mcrypt-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mssql-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mssql-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mysql-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-mysql-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-odbc-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-odbc-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-openssl-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-openssl-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pcntl-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pcntl-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pdo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pdo-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pear-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pgsql-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pgsql-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-phar-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-phar-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-posix-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-posix-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pspell-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-pspell-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-readline-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-readline-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-shmop-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-shmop-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-snmp-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-snmp-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-soap-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-soap-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sockets-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sockets-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sqlite-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sqlite-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-suhosin-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-suhosin-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvmsg-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvmsg-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvsem-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvsem-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvshm-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvshm-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-tidy-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-tidy-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-tokenizer-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-tokenizer-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-wddx-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-wddx-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlreader-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlreader-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlrpc-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlrpc-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlwriter-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlwriter-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xsl-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-xsl-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-zip-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-zip-debuginfo-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-zlib-5.3.8-4.9.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"php5-zlib-debuginfo-5.3.8-4.9.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP5-120309.NASL
    descriptionThis update of php5 fixes multiple security flaws : - A php5 upload filename injection was fixed. (CVE-2011-2202) - A integer overflow in the EXIF extension was fixed that could be used by attackers to crash the interpreter or potentially read memory. (CVE-2011-4566) - Multiple NULL pointer dereferences were fixed that could lead to crashes. (CVE-2011-3182) - An integer overflow in the PHP calendar extension was fixed that could have led to crashes. (CVE-2011-1466) - A symlink vulnerability in the PEAR installer could be exploited by local attackers to inject code. (CVE-2011-1072) - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in the php5 Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831) Also the following bugs have been fixed : - allow uploading files bigger than 2GB for 64bit systems [bnc#709549] - amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671]
    last seen2020-06-05
    modified2012-04-13
    plugin id58740
    published2012-04-13
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58740
    titleSuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(58740);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2011-1072", "CVE-2011-1466", "CVE-2011-2202", "CVE-2011-3182", "CVE-2011-4153", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831");

  script_name(english:"SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of php5 fixes multiple security flaws :

  - A php5 upload filename injection was fixed.
    (CVE-2011-2202)

  - A integer overflow in the EXIF extension was fixed that
    could be used by attackers to crash the interpreter or
    potentially read memory. (CVE-2011-4566)

  - Multiple NULL pointer dereferences were fixed that could
    lead to crashes. (CVE-2011-3182)

  - An integer overflow in the PHP calendar extension was
    fixed that could have led to crashes. (CVE-2011-1466)

  - A symlink vulnerability in the PEAR installer could be
    exploited by local attackers to inject code.
    (CVE-2011-1072)

  - missing checks of return values could allow remote
    attackers to cause a denial of service (NULL pointer
    dereference). (CVE-2011-4153)

  - denial of service via hash collisions. (CVE-2011-4885)

  - specially crafted XSLT stylesheets could allow remote
    attackers to create arbitrary files with arbitrary
    content. (CVE-2012-0057)

  - remote attackers can cause a denial of service via
    specially crafted input to an application that attempts
    to perform Tidy::diagnose operations. (CVE-2012-0781)

  - applications that use a PDO driver were prone to denial
    of service flaws which could be exploited remotely.
    (CVE-2012-0788)

  - memory leak in the timezone functionality could allow
    remote attackers to cause a denial of service (memory
    consumption). (CVE-2012-0789)

  - a stack-based buffer overflow in the php5 Suhosin
    extension could allow remote attackers to execute
    arbitrary code via a long string that is used in a
    Set-Cookie HTTP header. (CVE-2012-0807)

  - this fixes an incorrect fix for CVE-2011-4885 which
    could allow remote attackers to execute arbitrary code
    via a request containing a large number of variables.
    (CVE-2012-0830)

  - temporary changes to the magic_quotes_gpc directive
    during the importing of environment variables is not
    properly performed which makes it easier for remote
    attackers to conduct SQL injections. (CVE-2012-0831)

Also the following bugs have been fixed :

  - allow uploading files bigger than 2GB for 64bit systems
    [bnc#709549]

  - amend README.SUSE to discourage using apache module with
    apache2-worker [bnc#728671]"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=699711"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=709549"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=713652"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=728671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=733590"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=735613"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=736169"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=738221"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=741520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=741859"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=742273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=742806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=743308"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=744966"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=746661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=749111"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1072.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1466.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2202.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-3182.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4153.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4566.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4885.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0057.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0781.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0788.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0789.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0807.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0830.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0831.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5964.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dbase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-hash");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");


flag = 0;
if (rpm_check(release:"SLES11", sp:1, reference:"apache2-mod_php5-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-bcmath-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-bz2-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-calendar-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-ctype-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-curl-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-dba-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-dbase-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-dom-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-exif-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-fastcgi-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-ftp-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-gd-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-gettext-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-gmp-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-hash-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-iconv-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-json-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-ldap-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-mbstring-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-mcrypt-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-mysql-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-odbc-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-openssl-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-pcntl-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-pdo-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-pear-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-pgsql-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-pspell-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-shmop-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-snmp-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-soap-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-suhosin-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvmsg-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvsem-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvshm-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-tokenizer-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-wddx-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlreader-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlrpc-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlwriter-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-xsl-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-zip-5.2.14-0.7.30.34.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"php5-zlib-5.2.14-0.7.30.34.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References