CVE-2012-2688 - Buffer Overflow vulnerability in PHP '_php_stream_scandir()'

CVSS 10.0 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."

Vulnerable Configurations

Part | Description | Count
Application | Php | 451

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2012-108.NASL
    description: Multiple vulnerabilities have been discovered and corrected in php: Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688). The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors (CVE-2012-3365). pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value (CVE-2012-3450). The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages have been upgraded to the latest version as well.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61961
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61961
    title: Mandriva Linux Security Advisory : php (MDVSA-2012:108)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:108. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61961);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2012-2688", "CVE-2012-3365", "CVE-2012-3450");
      script_bugtraq_id(54612);
      script_xref(name:"MDVSA", value:"2012:108");
    
      script_name(english:"Mandriva Linux Security Advisory : php (MDVSA-2012:108)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and corrected in php :
    
    Unspecified vulnerability in the _php_stream_scandir function in the
    stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has
    unknown impact and remote attack vectors, related to an overflow
    (CVE-2012-2688).
    
    The SQLite functionality in PHP before 5.3.15 allows remote attackers
    to bypass the open_basedir protection mechanism via unspecified
    vectors (CVE-2012-3365).
    
    pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x
    before 5.4.4 does not properly determine the end of the query string
    during parsing of prepared statements, which allows remote attackers
    to cause a denial of service (out-of-bounds read and application
    crash) via a crafted parameter value (CVE-2012-3450).
    
    The updated packages have been upgraded to the 5.3.15 version which is
    not vulnerable to these issues.
    
    Additionally the php-timezonedb packages has been upgraded to the
    latest version as well."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-filter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-hash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_dblib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-session");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sybase_ct");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-timezonedb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2011", reference:"apache-mod_php-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64php5_common5-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libphp5_common5-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-bcmath-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-bz2-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-calendar-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-cgi-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-cli-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-ctype-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-curl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-dba-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-devel-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-doc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-dom-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-enchant-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-exif-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-fileinfo-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-filter-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-fpm-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-ftp-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-gd-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-gettext-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-gmp-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-hash-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-iconv-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-imap-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-ini-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-intl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-json-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-ldap-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-mbstring-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-mcrypt-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-mssql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-mysql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-mysqli-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-mysqlnd-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-odbc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-openssl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pcntl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pdo-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pdo_dblib-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pdo_mysql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pdo_odbc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pdo_pgsql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pdo_sqlite-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pgsql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-phar-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-posix-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-pspell-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-readline-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-recode-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-session-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-shmop-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-snmp-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-soap-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-sockets-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-sqlite-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-sqlite3-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-sybase_ct-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-sysvmsg-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-sysvsem-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-sysvshm-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-tidy-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-timezonedb-2012.4-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-tokenizer-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-wddx-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-xml-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-xmlreader-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-xmlrpc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-xmlwriter-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-xsl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-zip-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"php-zlib-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20130930_PHP53_ON_SL5_X.NASL
    description: It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP
    last seen: 2020-03-18
    modified: 2013-10-11
    plugin id: 70389
    published: 2013-10-11
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70389
    title: Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70389);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2006-7243", "CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-4248");
    
      script_name(english:"Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was found that PHP did not properly handle file names with a NULL
    character. A remote attacker could possibly use this flaw to make a
    PHP script access unexpected files and bypass intended file system
    access restrictions. (CVE-2006-7243)
    
    It was found that PHP did not check for carriage returns in HTTP
    headers, allowing intended HTTP response splitting protections to be
    bypassed. Depending on the web browser the victim is using, a remote
    attacker could use this flaw to perform HTTP response splitting
    attacks. (CVE-2011-1398)
    
    A flaw was found in PHP's SSL client's hostname identity check when
    handling certificates that contain hostnames with NULL bytes. If an
    attacker was able to get a carefully crafted certificate signed by a
    trusted Certificate Authority, the attacker could use the certificate
    to conduct man-in-the-middle attacks to spoof SSL servers.
    (CVE-2013-4248)
    
    An integer signedness issue, leading to a heap-based buffer underflow,
    was found in the PHP scandir() function. If a remote attacker could
    upload an excessively large number of files to a directory the
    scandir() function runs on, it could cause the PHP interpreter to
    crash or, possibly, execute arbitrary code. (CVE-2012-2688)
    
    It was found that PHP did not correctly handle the magic_quotes_gpc
    configuration directive. This could result in magic_quotes_gpc input
    escaping not being applied in all cases, possibly making it easier for
    a remote attacker to perform SQL injection attacks. (CVE-2012-0831)
    
    It was found that the PHP SOAP parser allowed the expansion of
    external XML entities during SOAP message parsing. A remote attacker
    could possibly use this flaw to read arbitrary files that are
    accessible to a PHP application using a SOAP extension.
    (CVE-2013-1643)
    
    After installing the updated packages, the httpd daemon must be
    restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=809
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?98848f7c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC64-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC64-libs");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"php53-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-bcmath-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-cli-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-common-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-dba-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-debuginfo-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-devel-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-gd-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-imap-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-intl-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-ldap-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-mbstring-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-mysql-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-odbc-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-pdo-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-pgsql-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-process-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-pspell-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-snmp-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-soap-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-xml-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-xmlrpc-5.3.3-21.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"unixODBC-2.2.11-10.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"unixODBC-devel-2.2.11-10.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"unixODBC-kde-2.2.11-10.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"unixODBC-libs-2.2.11-10.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"unixODBC64-2.2.14-3.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"unixODBC64-devel-2.2.14-3.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"unixODBC64-libs-2.2.14-3.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_APACHE2-MOD_PHP5-8239.NASL
    description: This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)
    last seen: 2020-06-05
    modified: 2012-08-24
    plugin id: 61658
    published: 2012-08-24
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61658
    title: SuSE 10 Security Update : php5 (ZYPP Patch Number 8239)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61658);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-2688", "CVE-2012-3365");
    
      script_name(english:"SuSE 10 Security Update : php5 (ZYPP Patch Number 8239)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes two security issues of PHP5 :
    
      - Potential overflow in _php_stream_scandir.
        (CVE-2012-2688)
    
      - open_basedir bypass via SQLite extension.
        (CVE-2012-3365)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2688.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3365.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8239.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:4, reference:"apache2-mod_php5-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-bcmath-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-bz2-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-calendar-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-ctype-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-curl-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-dba-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-dbase-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-devel-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-dom-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-exif-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-fastcgi-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-ftp-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-gd-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-gettext-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-gmp-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-hash-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-iconv-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-imap-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-json-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-ldap-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-mbstring-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-mcrypt-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-mhash-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-mysql-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-ncurses-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-odbc-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-openssl-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-pcntl-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-pdo-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-pear-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-pgsql-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-posix-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-pspell-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-shmop-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-snmp-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-soap-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-sockets-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-sqlite-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-suhosin-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvmsg-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvsem-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvshm-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-tokenizer-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-wddx-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlreader-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlrpc-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-xsl-5.2.14-0.36.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"php5-zlib-5.2.14-0.36.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2012-204-01.NASL
    description: New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60087
    published: 2012-07-23
    reporter: This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/60087
    title: Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-204-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2012-204-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60087);
      script_version("$Revision: 1.5 $");
      script_cvs_date("$Date: 2013/06/01 00:44:11 $");
    
      script_cve_id("CVE-2012-2688");
      script_xref(name:"SSA", value:"2012-204-01");
    
      script_name(english:"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-204-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0,
    13.1, 13.37, and -current to fix a security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.479182
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?89620d50"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"12.0", pkgname:"php", pkgver:"5.3.15", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;
    
    if (slackware_check(osver:"12.1", pkgname:"php", pkgver:"5.3.15", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++;
    
    if (slackware_check(osver:"12.2", pkgname:"php", pkgver:"5.3.15", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++;
    
    if (slackware_check(osver:"13.0", pkgname:"php", pkgver:"5.3.15", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
    if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"php", pkgver:"5.3.15", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;
    
    if (slackware_check(osver:"13.1", pkgname:"php", pkgver:"5.3.15", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++;
    if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"php", pkgver:"5.3.15", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++;
    
    if (slackware_check(osver:"13.37", pkgname:"php", pkgver:"5.3.15", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++;
    if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"php", pkgver:"5.3.15", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.4.5", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.4.5", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20131211_PHP_ON_SL5_X.NASL
    description: A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-03-18
    modified: 2013-12-12
    plugin id: 71373
    published: 2013-12-12
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71373
    title: Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71373);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2011-1398", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-6420");
    
      script_name(english:"Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A memory corruption flaw was found in the way the openssl_x509_parse()
    function of the PHP openssl extension parsed X.509 certificates. A
    remote attacker could use this flaw to provide a malicious self-signed
    certificate or a certificate signed by a trusted authority to a PHP
    application using the aforementioned function, causing the application
    to crash or, possibly, allow the attacker to execute arbitrary code
    with the privileges of the user running the PHP interpreter.
    (CVE-2013-6420)
    
    It was found that PHP did not check for carriage returns in HTTP
    headers, allowing intended HTTP response splitting protections to be
    bypassed. Depending on the web browser the victim is using, a remote
    attacker could use this flaw to perform HTTP response splitting
    attacks. (CVE-2011-1398)
    
    An integer signedness issue, leading to a heap-based buffer underflow,
    was found in the PHP scandir() function. If a remote attacker could
    upload an excessively large number of files to a directory the
    scandir() function runs on, it could cause the PHP interpreter to
    crash or, possibly, execute arbitrary code. (CVE-2012-2688)
    
    It was found that the PHP SOAP parser allowed the expansion of
    external XML entities during SOAP message parsing. A remote attacker
    could possibly use this flaw to read arbitrary files that are
    accessible to a PHP application using a SOAP extension.
    (CVE-2013-1643)
    
    After installing the updated packages, the httpd daemon must be
    restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=3985
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ca078ead"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"php-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-bcmath-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-cli-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-common-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-dba-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-debuginfo-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-devel-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-gd-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-imap-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-ldap-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-mbstring-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-mysql-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-ncurses-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-odbc-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-pdo-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-pgsql-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-snmp-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-soap-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-xml-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"php-xmlrpc-5.1.6-43.el5_10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_BDAB0ACDD4CD11E18A1C14DAE9EBCF89.NASL
    description: The PHP Development Team reports : The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in _php_stream_scandir
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60102
    published: 2012-07-24
    reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60102
    title: FreeBSD : php -- potential overflow in _php_stream_scandir (bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60102);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/10 11:49:43");
    
      script_cve_id("CVE-2012-2688");
    
      script_name(english:"FreeBSD : php -- potential overflow in _php_stream_scandir (bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PHP Development Team reports :
    
    The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in
    _php_stream_scandir"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.php.net/archive/2012.php#id2012-07-19-1"
      );
      # https://vuxml.freebsd.org/freebsd/bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43b90957"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php52");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php53");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"php5>5.4<5.4.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php5>=5.3<5.3.15")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php5>=5.2<5.2.17_10")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php53<5.3.15")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php52<5.2.17_10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-1814.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71356
    published: 2013-12-12
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71356
    title: CentOS 5 : php (CESA-2013:1814)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1814 and 
    # CentOS Errata and Security Advisory 2013:1814 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71356);
      script_version("1.8");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2011-1398", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-6420");
      script_bugtraq_id(54638, 55297, 58766);
      script_xref(name:"RHSA", value:"2013:1814");
    
      script_name(english:"CentOS 5 : php (CESA-2013:1814)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated php packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP Server.
    
    A memory corruption flaw was found in the way the openssl_x509_parse()
    function of the PHP openssl extension parsed X.509 certificates. A
    remote attacker could use this flaw to provide a malicious self-signed
    certificate or a certificate signed by a trusted authority to a PHP
    application using the aforementioned function, causing the application
    to crash or, possibly, allow the attacker to execute arbitrary code
    with the privileges of the user running the PHP interpreter.
    (CVE-2013-6420)
    
    It was found that PHP did not check for carriage returns in HTTP
    headers, allowing intended HTTP response splitting protections to be
    bypassed. Depending on the web browser the victim is using, a remote
    attacker could use this flaw to perform HTTP response splitting
    attacks. (CVE-2011-1398)
    
    An integer signedness issue, leading to a heap-based buffer underflow,
    was found in the PHP scandir() function. If a remote attacker could
    upload an excessively large number of files to a directory the
    scandir() function runs on, it could cause the PHP interpreter to
    crash or, possibly, execute arbitrary code. (CVE-2012-2688)
    
    It was found that the PHP SOAP parser allowed the expansion of
    external XML entities during SOAP message parsing. A remote attacker
    could possibly use this flaw to read arbitrary files that are
    accessible to a PHP application using a SOAP extension.
    (CVE-2013-1643)
    
    Red Hat would like to thank the PHP project for reporting
    CVE-2013-6420. Upstream acknowledges Stefan Esser as the original
    reporter.
    
    All php users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, the httpd daemon must be restarted for the
    update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-December/020062.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?08e7baf1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2688");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"php-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-bcmath-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-cli-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-common-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-dba-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-devel-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-gd-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-imap-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-ldap-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-mbstring-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-mysql-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-ncurses-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-odbc-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-pdo-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-pgsql-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-snmp-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-soap-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-xml-5.1.6-43.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-xmlrpc-5.1.6-43.el5_10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc");
    }
    
  • NASL family: CGI abuses
    NASL id: PHP_5_3_15.NASL
    description: According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is, therefore, potentially affected by the following vulnerabilities : - An unspecified overflow vulnerability exists in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60085
    published: 2012-07-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/60085
    title: PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60085);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/24 18:56:10");
    
      script_cve_id("CVE-2012-2688", "CVE-2012-3365");
      script_bugtraq_id(54612, 54638);
    
      script_name(english:"PHP 5.3.x < 5.3.15 Multiple Vulnerabilities");
      script_summary(english:"Checks version of PHP");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "According to its banner, the version of PHP installed on the remote
    host is 5.3.x earlier than 5.3.15, and is, therefore, potentially
    affected by the following vulnerabilities : 
    
      - An unspecified overflow vulnerability exists in the
        function '_php_stream_scandir' in the file
        'main/streams/streams.c'. (CVE-2012-2688)
    
      - An unspecified error exists that can allow the
        'open_basedir' constraint to be bypassed.
        (CVE-2012-3365)"
      );
      script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.3.15");
      script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.3.15 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/20");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("php_version.nasl");
      script_require_ports("Services/www", 80);
      script_require_keys("www/PHP");
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    if (version !~ "^5\.3\.") exit(0, "The web server listening on port "+port+" does not use PHP version 5.3.x.");
    if (version =~ "^5\.3\.([0-9]|1[0-4])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : '+source +
          '\n  Installed version : '+version+
          '\n  Fixed version     : 5.3.15\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL family: CGI abuses
    NASL id: PHP_5_4_5.NASL
    description: According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.5, and is, therefore, potentially affected by an unspecified overflow vulnerability in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60086
    published: 2012-07-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/60086
    title: PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1569-1.NASL
    description: It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. (CVE-2012-2688) It was discovered that PHP incorrectly parsed certain PDO prepared statements. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-3450). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62178
    published: 2012-09-18
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62178
    title: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1569-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1814.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71337
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71337
    title: RHEL 5 : php (RHSA-2013:1814)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201209-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62236
    published: 2012-09-24
    reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62236
    title: GLSA-201209-03 : PHP: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-502.NASL
    description: Three security issues were fixed in php5 : CVE-2012-2688: php5: potential overflow in _php_stream_scandir CVE-2012-3365: open_basedir bypass via SQLite extension Also an out of band read sql denial of service was fixed (bnc#769785)
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74709
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74709
    title: openSUSE Security Update : php5 (openSUSE-SU-2012:0976-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-1307.NASL
    description: Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79149
    published: 2014-11-12
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79149
    title: CentOS 5 : php53 (CESA-2013:1307)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-1814.NASL
    description: From Red Hat Security Advisory 2013:1814 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71367
    published: 2013-12-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71367
    title: Oracle Linux 5 : php (ELSA-2013-1814)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_8_2.NASL
    description: The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.2. The newer version contains multiple security-related fixes for the following components : - BIND - Data Security - LoginWindow - Mobile Accounts - PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62215
    published: 2012-09-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62215
    title: Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-10908.NASL
    description: The PHP development team would like to announce the immediate availability of PHP 5.3.15. This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation (CVE-2012-2688). All users of PHP are encouraged to upgrade to PHP 5.3.15. Full changelog: http://www.php.net/ChangeLog-5.php#5.3.15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-08-06
    plugin id: 61418
    published: 2012-08-06
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61418
    title: Fedora 16 : maniadrive-1.2-32.fc16.7 / php-5.3.15-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.7 (2012-10908)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP53-120803.NASL
    description: Three security bugs have been fixed in PHP5. - php5: potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365) - An out of band read sql denial of service has been fixed (bnc#769785). (CVE-2012-3450)
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64106
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64106
    title: SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-0514.NASL
    description: Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) These updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 65146
    published: 2013-03-10
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/65146
    title: CentOS 6 : php (CESA-2013:0514)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2012-004.NASL
    description: The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62213
    published: 2012-09-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62213
    title: Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1307.NASL
    description: Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70244
    published: 2013-10-01
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70244
    title: RHEL 5 : php53 (RHSA-2013:1307)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP5-120802.NASL
    description: This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64101
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64101
    title: SuSE 11.1 Security Update : php5 (SAT Patch Number 6627)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_PHP_20140401.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates: - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an
    last seen2020-06-01
    modified2020-06-02
    plugin id80736
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80736
    titleOracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-116.NASL
    descriptionUnspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an
    last seen2020-06-01
    modified2020-06-02
    plugin id69606
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69606
    titleAmazon Linux AMI : php (ALAS-2012-116)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-10936.NASL
    descriptionThe PHP development team would like to announce the immediate availability of PHP 5.4.5. This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation (CVE-2012-2688). All users of PHP are encouraged to upgrade to PHP 5.4.5. Full changelog: http://www.php.net/ChangeLog-5.php#5.4.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-08-06
    plugin id61419
    published2012-08-06
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61419
    titleFedora 17 : maniadrive-1.2-43.fc17 / php-5.4.5-1.fc17 (2012-10936)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2527.NASL
    descriptionSeveral vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: - CVE-2012-2688: A buffer overflow in the scandir() function could lead to denial of service or the execution of arbitrary code. - CVE-2012-3450: It was discovered that inconsistent parsing of PDO prepared statements could lead to denial of service.
    last seen2020-03-17
    modified2012-08-14
    plugin id61520
    published2012-08-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61520
    titleDebian DSA-2527-1 : php5 - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1307.NASL
    descriptionFrom Red Hat Security Advisory 2013:1307 : Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id70284
    published2013-10-03
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70284
    titleOracle Linux 5 : php53 (ELSA-2013-1307)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130221_PHP_ON_SL6_X.NASL
    descriptionIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-03-18
    modified2013-03-01
    plugin id64957
    published2013-03-01
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64957
    titleScientific Linux Security Update : php on SL6.x i386/x86_64 (20130221)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0514.NASL
    descriptionFrom Red Hat Security Advisory 2013:0514 : Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) These updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68751
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68751
    titleOracle Linux 6 : php (ELSA-2013-0514)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0514.NASL
    descriptionUpdated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) These updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id64762
    published2013-02-21
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64762
    titleRHEL 6 : php (RHSA-2013:0514)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP53-120802.NASL
    descriptionThree security bugs have been fixed in PHP5: - php5: potential overflow in _php_stream_scandir (CVE-2012-2688). - open_basedir bypass via SQLite extension (CVE-2012-3365). - An out-of-band read SQL denial of service has been fixed (bnc#769785) (CVE-2012-3450).
    last seen2020-06-05
    modified2013-01-25
    plugin id64105
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64105
    titleSuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components: Apache, BIND, CoreText, Data Security, ImageIO, Installer, International Components for Unicode, Kernel, Mail, PHP, Profile Manager, QuickLook, QuickTime, Ruby, USB.
    last seen2020-06-01
    modified2020-06-02
    plugin id62214
    published2012-09-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62214
    titleMac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)

Redhat

advisories
  • bugzilla
    id874987
    titleMissing provides in php-xml
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentphp-process is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514001
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-xml is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514003
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-devel is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514005
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-embedded is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514007
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-enchant is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514009
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-tidy is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514011
          • commentphp-tidy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195036
        • AND
          • commentphp-gd is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514013
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-dba is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514015
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-pgsql is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514017
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-cli is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514019
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp-snmp is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514021
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-pdo is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514023
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-zts is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514025
          • commentphp-zts is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195032
        • AND
          • commentphp-mysql is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514027
          • commentphp-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195006
        • AND
          • commentphp-imap is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514029
          • commentphp-imap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195040
        • AND
          • commentphp-bcmath is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514031
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp-common is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514033
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-ldap is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514035
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-fpm is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514037
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-odbc is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514039
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-soap is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514041
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-xmlrpc is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514043
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514045
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
        • AND
          • commentphp-mbstring is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514047
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-intl is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514049
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-pspell is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514051
          • commentphp-pspell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195026
        • AND
          • commentphp-recode is earlier than 0:5.3.3-22.el6
            ovaloval:com.redhat.rhsa:tst:20130514053
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
    rhsa
    idRHSA-2013:0514
    released2013-02-20
    severityModerate
    titleRHSA-2013:0514: php security, bug fix and enhancement update (Moderate)
  • rhsa
    idRHSA-2013:1307
rpms
  • php-0:5.3.3-22.el6
  • php-bcmath-0:5.3.3-22.el6
  • php-cli-0:5.3.3-22.el6
  • php-common-0:5.3.3-22.el6
  • php-dba-0:5.3.3-22.el6
  • php-debuginfo-0:5.3.3-22.el6
  • php-devel-0:5.3.3-22.el6
  • php-embedded-0:5.3.3-22.el6
  • php-enchant-0:5.3.3-22.el6
  • php-fpm-0:5.3.3-22.el6
  • php-gd-0:5.3.3-22.el6
  • php-imap-0:5.3.3-22.el6
  • php-intl-0:5.3.3-22.el6
  • php-ldap-0:5.3.3-22.el6
  • php-mbstring-0:5.3.3-22.el6
  • php-mysql-0:5.3.3-22.el6
  • php-odbc-0:5.3.3-22.el6
  • php-pdo-0:5.3.3-22.el6
  • php-pgsql-0:5.3.3-22.el6
  • php-process-0:5.3.3-22.el6
  • php-pspell-0:5.3.3-22.el6
  • php-recode-0:5.3.3-22.el6
  • php-snmp-0:5.3.3-22.el6
  • php-soap-0:5.3.3-22.el6
  • php-tidy-0:5.3.3-22.el6
  • php-xml-0:5.3.3-22.el6
  • php-xmlrpc-0:5.3.3-22.el6
  • php-zts-0:5.3.3-22.el6
  • php53-0:5.3.3-21.el5
  • php53-bcmath-0:5.3.3-21.el5
  • php53-cli-0:5.3.3-21.el5
  • php53-common-0:5.3.3-21.el5
  • php53-dba-0:5.3.3-21.el5
  • php53-debuginfo-0:5.3.3-21.el5
  • php53-devel-0:5.3.3-21.el5
  • php53-gd-0:5.3.3-21.el5
  • php53-imap-0:5.3.3-21.el5
  • php53-intl-0:5.3.3-21.el5
  • php53-ldap-0:5.3.3-21.el5
  • php53-mbstring-0:5.3.3-21.el5
  • php53-mysql-0:5.3.3-21.el5
  • php53-odbc-0:5.3.3-21.el5
  • php53-pdo-0:5.3.3-21.el5
  • php53-pgsql-0:5.3.3-21.el5
  • php53-process-0:5.3.3-21.el5
  • php53-pspell-0:5.3.3-21.el5
  • php53-snmp-0:5.3.3-21.el5
  • php53-soap-0:5.3.3-21.el5
  • php53-xml-0:5.3.3-21.el5
  • php53-xmlrpc-0:5.3.3-21.el5
  • php-0:5.1.6-43.el5_10
  • php-bcmath-0:5.1.6-43.el5_10
  • php-cli-0:5.1.6-43.el5_10
  • php-common-0:5.1.6-43.el5_10
  • php-dba-0:5.1.6-43.el5_10
  • php-debuginfo-0:5.1.6-43.el5_10
  • php-devel-0:5.1.6-43.el5_10
  • php-gd-0:5.1.6-43.el5_10
  • php-imap-0:5.1.6-43.el5_10
  • php-ldap-0:5.1.6-43.el5_10
  • php-mbstring-0:5.1.6-43.el5_10
  • php-mysql-0:5.1.6-43.el5_10
  • php-ncurses-0:5.1.6-43.el5_10
  • php-odbc-0:5.1.6-43.el5_10
  • php-pdo-0:5.1.6-43.el5_10
  • php-pgsql-0:5.1.6-43.el5_10
  • php-snmp-0:5.1.6-43.el5_10
  • php-soap-0:5.1.6-43.el5_10
  • php-xml-0:5.1.6-43.el5_10
  • php-xmlrpc-0:5.1.6-43.el5_10

Seebug

bulletinFamilyexploit
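descriptionBUGTRAQ ID: 54638 CVE ID: CVE-2012-2688 PHP is an HTML-embedded language. PHP is quite similar to Microsoft's ASP: both are scripting languages embedded in HTML documents and executed on the server side. Its style resembles the C language, and it is now widely used by many website programmers. The _php_stream_scandir function in the stream implementation of PHP versions before 5.3.15 and 5.4.5 contains a buffer overflow vulnerability. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected web server. PHP < 5.4.5 PHP < 5.3.15 Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue. Please download it from the vendor's home page: http://www.php.net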
idSSV:60291
last seen2017-11-19
modified2012-07-25
published2012-07-25
reporterRoot
titlePHP '_php_stream_scandir()' Buffer Overflow Vulnerability