Vulnerabilities > CVE-2012-3365 - Permissions, Privileges, and Access Controls vulnerability in PHP

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

php

CWE-264

nessus

NVD

Published: 2012-07-20

Updated: 2017-12-01

Summary

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 1.0 PHP PHP 2.0 PHP PHP 2.0B10 PHP PHP 3.0 PHP PHP 3.0.1 PHP PHP 3.0.2 PHP PHP 3.0.3 PHP PHP 3.0.4 PHP PHP 3.0.5 PHP PHP 3.0.6 PHP PHP 3.0.7 PHP PHP 3.0.8 PHP PHP 3.0.9 PHP PHP 3.0.10 PHP PHP 3.0.11 PHP PHP 3.0.12 PHP PHP 3.0.13 PHP PHP 3.0.14 PHP PHP 3.0.15 PHP PHP 3.0.16 PHP PHP 3.0.17 PHP PHP 3.0.18 PHP PHP 4.0 PHP PHP 4.0.0 PHP PHP 4.0.1 PHP PHP 4.0.2 PHP PHP 4.0.3 PHP PHP 4.0.4 PHP PHP 4.0.5 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.1.0 PHP PHP 4.1.1 PHP PHP 4.1.2 PHP PHP 4.2.0 PHP PHP 4.2.1 PHP PHP 4.2.2 PHP PHP 4.2.3 PHP PHP 4.3.0 PHP PHP 4.3.1 PHP PHP 4.3.2 PHP PHP 4.3.3 PHP PHP 4.3.4 PHP PHP 4.3.5 PHP PHP 4.3.6 PHP PHP 4.3.7 PHP PHP 4.3.8 PHP PHP 4.3.9 PHP PHP 4.3.10 PHP PHP 4.3.11 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 4.4.3 PHP PHP 4.4.4 PHP PHP 4.4.5 PHP PHP 4.4.6 PHP PHP 4.4.7 PHP PHP 4.4.8 PHP PHP 4.4.9 PHP PHP 5.0.0 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP PHP 5.1.4 PHP PHP 5.1.5 PHP PHP 5.1.6 PHP PHP 5.2.0 PHP PHP 5.2.1 PHP PHP 5.2.2 PHP PHP 5.2.3 PHP PHP 5.2.4 PHP PHP 5.2.5 PHP PHP 5.2.6 PHP PHP 5.2.7 PHP PHP 5.2.8 PHP PHP 5.2.9 PHP PHP 5.2.10 PHP PHP 5.2.11 PHP PHP 5.2.12 PHP PHP 5.2.13 PHP PHP 5.2.14 PHP PHP 5.2.15 PHP PHP 5.2.16 PHP PHP 5.2.17 PHP PHP 5.3.0 PHP PHP 5.3.1 PHP PHP 5.3.2 PHP PHP 5.3.3 PHP PHP 5.3.4 PHP PHP 5.3.5 PHP PHP 5.3.6 PHP PHP 5.3.7 PHP PHP 5.3.8 PHP PHP 5.3.9 PHP PHP 5.3.10 PHP PHP 5.3.11 PHP PHP 5.3.12 PHP PHP 5.3.13 PHP PHP - PHP PHP 0.1 PHP PHP 0.1.1 PHP PHP 0.2 PHP PHP 0.2.0 PHP PHP 0.2.1 PHP PHP 0.2.2 PHP PHP 0.2.3 PHP PHP 0.2.4 PHP PHP 0.3 PHP PHP 0.4 PHP PHP 0.5 PHP PHP 0.5.2 PHP PHP 0.5.3 PHP PHP 0.6 PHP PHP 0.7 PHP PHP 0.9 PHP PHP 0.9.0 PHP PHP 0.9.1 PHP PHP 0.9.2 PHP PHP 0.9.3 PHP PHP 0.9.4 PHP PHP 0.10 PHP PHP 0.11 PHP PHP 0.90 PHP PHP 0.91 PHP PHP 1.0.0 PHP PHP 1.0.1 PHP PHP 1.0.2 PHP PHP 1.0.3 PHP PHP 1.0.4 PHP PHP 1.1 PHP PHP 1.1.0 PHP PHP 1.1.1 PHP PHP 1.2 PHP PHP 1.2.0 PHP PHP 1.2.1 PHP PHP 1.2.2 PHP PHP 1.2.3 PHP PHP 1.2.4 PHP PHP 1.2.5 PHP PHP 1.3 PHP PHP 1.3.1 PHP PHP 1.3.5 PHP PHP 1.4 PHP PHP 1.5 PHP PHP 2.0.0 PHP PHP 2.0.1 PHP PHP 2.0.2 PHP PHP 4.1.3 PHP PHP 4.2 PHP PHP 4.2.4 PHP PHP 4.3 PHP PHP 5.1 PHP PHP 5.3.14	446

Common Weakness Enumeration (CWE)

CWE-264 - Permissions, Privileges, and Access Controls

Common Attack Pattern Enumeration and Classification (CAPEC)

Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Blue Boxing
This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-108.NASL
description	Multiple vulnerabilities has been discovered and corrected in php : Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688). The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors (CVE-2012-3365). pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value (CVE-2012-3450). The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well.
last seen	2020-06-01
modified	2020-06-02
plugin id	61961
published	2012-09-06
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/61961
title	Mandriva Linux Security Advisory : php (MDVSA-2012:108)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2012:108. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(61961); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2012-2688", "CVE-2012-3365", "CVE-2012-3450"); script_bugtraq_id(54612); script_xref(name:"MDVSA", value:"2012:108"); script_name(english:"Mandriva Linux Security Advisory : php (MDVSA-2012:108)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been discovered and corrected in php : Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688). The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors (CVE-2012-3365). pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value (CVE-2012-3450). The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-filter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-hash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pdo_sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sybase_ct"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-timezonedb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2011", reference:"apache-mod_php-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64php5_common5-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libphp5_common5-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-bcmath-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-bz2-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-calendar-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-cgi-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-cli-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ctype-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-curl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-dba-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-devel-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-doc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-dom-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-enchant-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-exif-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-fileinfo-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-filter-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-fpm-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ftp-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-gd-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-gettext-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-gmp-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-hash-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-iconv-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-imap-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ini-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-intl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-json-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-ldap-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mbstring-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mcrypt-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mssql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mysql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mysqli-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-mysqlnd-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-odbc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-openssl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pcntl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_dblib-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_mysql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_odbc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_pgsql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pdo_sqlite-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pgsql-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-phar-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-posix-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-pspell-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-readline-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-recode-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-session-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-shmop-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-snmp-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-soap-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sockets-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sqlite-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sqlite3-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sybase_ct-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sysvmsg-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sysvsem-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-sysvshm-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-tidy-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-timezonedb-2012.4-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-tokenizer-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-wddx-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xml-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xmlreader-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xmlrpc-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xmlwriter-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-xsl-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-zip-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"php-zlib-5.3.15-0.1-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_APACHE2-MOD_PHP5-8239.NASL
description	This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)
last seen	2020-06-05
modified	2012-08-24
plugin id	61658
published	2012-08-24
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/61658
title	SuSE 10 Security Update : php5 (ZYPP Patch Number 8239)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(61658); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2688", "CVE-2012-3365"); script_name(english:"SuSE 10 Security Update : php5 (ZYPP Patch Number 8239)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2688.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3365.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8239."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:4, reference:"apache2-mod_php5-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-bcmath-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-bz2-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-calendar-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ctype-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-curl-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-dba-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-dbase-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-devel-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-dom-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-exif-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-fastcgi-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ftp-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-gd-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-gettext-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-gmp-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-hash-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-iconv-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-imap-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-json-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ldap-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mbstring-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mcrypt-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mhash-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-mysql-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-ncurses-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-odbc-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-openssl-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pcntl-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pdo-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pear-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pgsql-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-posix-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-pspell-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-shmop-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-snmp-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-soap-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sockets-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sqlite-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-suhosin-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvmsg-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvsem-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-sysvshm-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-tokenizer-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-wddx-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlreader-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-xmlrpc-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-xsl-5.2.14-0.36.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"php5-zlib-5.2.14-0.36.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	CGI abuses
NASL id	PHP_5_3_15.NASL
description	According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is, therefore, potentially affected by the following vulnerabilities : - An unspecified overflow vulnerability exists in the function
last seen	2020-06-01
modified	2020-06-02
plugin id	60085
published	2012-07-20
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/60085
title	PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(60085); script_version("1.9"); script_cvs_date("Date: 2018/07/24 18:56:10"); script_cve_id("CVE-2012-2688", "CVE-2012-3365"); script_bugtraq_id(54612, 54638); script_name(english:"PHP 5.3.x < 5.3.15 Multiple Vulnerabilities"); script_summary(english:"Checks version of PHP"); script_set_attribute( attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is, therefore, potentially affected by the following vulnerabilities : - An unspecified overflow vulnerability exists in the function '_php_stream_scandir' in the file 'main/streams/streams.c'. (CVE-2012-2688) - An unspecified error exists that can allow the 'open_basedir' constraint to be bypassed. (CVE-2012-3365)" ); script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.3.15"); script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.3.15 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/19"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("php_version.nasl"); script_require_ports("Services/www", 80); script_require_keys("www/PHP"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); if (version !~ "^5\.3\.") exit(0, "The web server listening on port "+port+" does not use PHP version 5.3.x."); if (version =~ "^5\.3\.([0-9]\|1[0-4])($\|[^0-9])") { if (report_verbosity > 0) { report = '\n Version source : '+source + '\n Installed version : '+version+ '\n Fixed version : 5.3.15\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_EC255BD802C611E292D1000D601460A4.NASL
description	MITRE CVE team reports : The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
last seen	2020-06-01
modified	2020-06-02
plugin id	62208
published	2012-09-20
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62208
title	FreeBSD : php5-sqlite -- open_basedir bypass (ec255bd8-02c6-11e2-92d1-000d601460a4)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2019 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(62208); script_version("1.6"); script_cvs_date("Date: 2019/10/11 10:17:50"); script_cve_id("CVE-2012-3365"); script_name(english:"FreeBSD : php5-sqlite -- open_basedir bypass (ec255bd8-02c6-11e2-92d1-000d601460a4)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "MITRE CVE team reports : The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors." ); # https://vuxml.freebsd.org/freebsd/ec255bd8-02c6-11e2-92d1-000d601460a4.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5ef2f04f" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php52-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php53-sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/14"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"php5-sqlite>=5.2<5.2.17_11")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-sqlite>=5.3<5.3.15")) flag++; if (pkg_test(save_report:TRUE, pkg:"php52-sqlite<5.2.17_11")) flag++; if (pkg_test(save_report:TRUE, pkg:"php53-sqlite<5.3.15")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201209-03.NASL
description	The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	62236
published	2012-09-24
reporter	This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62236
title	GLSA-201209-03 : PHP: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201209-03. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(62236); script_version("1.18"); script_cvs_date("Date: 2018/07/12 15:01:52"); script_cve_id("CVE-2011-1398", "CVE-2011-3379", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0830", "CVE-2012-0831", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2311", "CVE-2012-2335", "CVE-2012-2336", "CVE-2012-2386", "CVE-2012-2688", "CVE-2012-3365", "CVE-2012-3450"); script_bugtraq_id(47545, 49754, 50907, 51193, 51806, 51830, 51952, 51954, 52043, 53388, 53403, 53729, 54612, 54638, 54777, 55297); script_xref(name:"GLSA", value:"201209-03"); script_xref(name:"TRA", value:"TRA-2012-01"); script_name(english:"GLSA-201209-03 : PHP: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201209-03" ); script_set_attribute( attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2012-01" ); script_set_attribute( attribute:"solution", value: "All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.15' All PHP users on ARM should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.4.5'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP CGI Argument Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.3.15", "ge 5.4.5"), vulnerable:make_list("lt 5.3.15", "lt 5.4.5"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-502.NASL
description	Three security issues were fixed in php5 : CVE-2012-2688: php5: potential overflow in _php_stream_scandir CVE-2012-3365: open_basedir bypass via SQLite extension Also a out of band read sql denial of service was fixed (bnc#769785)
last seen	2020-06-05
modified	2014-06-13
plugin id	74709
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74709
title	openSUSE Security Update : php5 (openSUSE-SU-2012:0976-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-502. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74709); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2688", "CVE-2012-3365"); script_name(english:"openSUSE Security Update : php5 (openSUSE-SU-2012:0976-1)"); script_summary(english:"Check for the openSUSE-2012-502 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Three security issues were fixed in php5 : CVE-2012-2688: php5: potential overflow in _php_stream_scandir CVE-2012-3365: open_basedir bypass via SQLite extension Also a out of band read sql denial of service was fixed (bnc#769785)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772582" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-08/msg00019.html" ); script_set_attribute(attribute:"solution", value:"Update the affected php5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/20"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"apache2-mod_php5-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-mod_php5-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bcmath-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bcmath-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bz2-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-bz2-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-calendar-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-calendar-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ctype-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ctype-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-curl-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-curl-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dba-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dba-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-debugsource-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-devel-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dom-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-dom-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-enchant-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-enchant-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-exif-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-exif-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fastcgi-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fastcgi-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fileinfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fileinfo-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fpm-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-fpm-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ftp-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ftp-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gd-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gd-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gettext-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gettext-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gmp-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-gmp-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-iconv-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-iconv-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-imap-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-imap-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-intl-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-intl-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-json-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-json-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ldap-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-ldap-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mbstring-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mbstring-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mcrypt-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mcrypt-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mssql-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mssql-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mysql-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-mysql-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-odbc-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-odbc-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-openssl-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-openssl-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pcntl-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pcntl-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pdo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pdo-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pear-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pgsql-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pgsql-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-phar-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-phar-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-posix-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-posix-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pspell-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-pspell-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-readline-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-readline-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-shmop-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-shmop-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-snmp-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-snmp-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-soap-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-soap-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sockets-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sockets-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sqlite-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sqlite-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-suhosin-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-suhosin-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvmsg-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvmsg-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvsem-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvsem-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvshm-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-sysvshm-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tidy-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tidy-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tokenizer-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-tokenizer-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-wddx-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-wddx-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlreader-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlreader-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlrpc-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlrpc-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlwriter-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xmlwriter-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xsl-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-xsl-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zip-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zip-debuginfo-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zlib-5.3.8-4.27.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"php5-zlib-debuginfo-5.3.8-4.27.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_APACHE2-MOD_PHP53-120803.NASL
description	Three security bugs have been fixed in PHP5. - php5: potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365) - An out of band read sql denial of service has been fixed (bnc#769785). (CVE-2012-3450)
last seen	2020-06-05
modified	2013-01-25
plugin id	64106
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64106
title	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64106); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2688", "CVE-2012-3365", "CVE-2012-3450"); script_name(english:"SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Three security bugs have been fixed in PHP5. - php5: potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365) - An out of band read sql denial of service has been fixed (bnc#769785). (CVE-2012-3450)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772582" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2688.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3365.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3450.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6634."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"apache2-mod_php53-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-bcmath-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-bz2-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-calendar-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-ctype-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-curl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-dba-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-dom-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-exif-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-fastcgi-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-fileinfo-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-ftp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-gd-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-gettext-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-gmp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-iconv-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-intl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-json-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-ldap-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-mbstring-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-mcrypt-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-mysql-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-odbc-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-openssl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-pcntl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-pdo-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-pear-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-pgsql-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-pspell-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-shmop-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-snmp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-soap-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-suhosin-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-sysvmsg-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-sysvsem-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-sysvshm-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-tokenizer-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-wddx-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-xmlreader-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-xmlrpc-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-xmlwriter-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-xsl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-zip-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"php53-zlib-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"apache2-mod_php53-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-bcmath-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-bz2-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-calendar-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-ctype-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-curl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-dba-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-dom-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-exif-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-fastcgi-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-fileinfo-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-ftp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-gd-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-gettext-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-gmp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-iconv-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-intl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-json-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-ldap-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-mbstring-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-mcrypt-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-mysql-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-odbc-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-openssl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pcntl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pdo-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pear-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pgsql-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pspell-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-shmop-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-snmp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-soap-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-suhosin-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-sysvmsg-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-sysvsem-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-sysvshm-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-tokenizer-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-wddx-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xmlreader-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xmlrpc-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xmlwriter-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xsl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-zip-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-zlib-5.3.8-0.35.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_APACHE2-MOD_PHP5-120802.NASL
description	This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)
last seen	2020-06-05
modified	2013-01-25
plugin id	64101
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64101
title	SuSE 11.1 Security Update : php5 (SAT Patch Number 6627)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64101); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2688", "CVE-2012-3365"); script_name(english:"SuSE 11.1 Security Update : php5 (SAT Patch Number 6627)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772582" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2688.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3365.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6627."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-hash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php5-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLES11", sp:1, reference:"apache2-mod_php5-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-bcmath-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-bz2-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-calendar-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-ctype-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-curl-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-dba-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-dbase-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-dom-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-exif-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-fastcgi-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-ftp-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-gd-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-gettext-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-gmp-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-hash-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-iconv-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-json-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-ldap-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-mbstring-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-mcrypt-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-mysql-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-odbc-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-openssl-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pcntl-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pdo-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pear-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pgsql-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-pspell-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-shmop-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-snmp-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-soap-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-suhosin-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvmsg-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvsem-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-sysvshm-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-tokenizer-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-wddx-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlreader-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlrpc-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xmlwriter-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-xsl-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-zip-5.2.14-0.7.30.42.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"php5-zlib-5.2.14-0.7.30.42.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_PHP_20140401.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an
last seen	2020-06-01
modified	2020-06-02
plugin id	80736
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80736
title	Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80736); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id("CVE-2011-4718", "CVE-2012-2688", "CVE-2012-3365", "CVE-2013-1635", "CVE-2013-1643", "CVE-2013-2110", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-4635", "CVE-2013-4636"); script_name(english:"Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an 'overflow.' (CVE-2012-2688) - The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. (CVE-2012-3365) - ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. (CVE-2013-1635) - The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. (CVE-2013-1643) - Heap-based buffer overflow in the php_quot_print_encode function in ext/ standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. (CVE-2013-2110) - ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. (CVE-2013-4113) - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4248) - Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. (CVE-2013-4635) - The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. (CVE-2013-4636)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2013-4113-buffer-errors-vulnerability-in-php" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-php script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b4abfefa" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-php1 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b4abfefa" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-php2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b4abfefa" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.17.5.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:php"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^php$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.17.0.5.0", sru:"SRU 11.1.17.5.0") > 0) flag++; if (flag) { error_extra = 'Affected package : php\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "php");

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10804.NASL
description	According to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version : - An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the
last seen	2020-06-01
modified	2020-06-02
plugin id	102079
published	2017-07-31
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/102079
title	Juniper Junos PHP multiple vulnerabilities (JSA10804)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(102079); script_version ("1.3"); script_cvs_date("Date: 2018/07/12 19:01:16"); script_cve_id( "CVE-2012-3365", "CVE-2013-4113", "CVE-2013-6420", "CVE-2014-9425" ); script_bugtraq_id( 54612, 61128, 64225, 71800 ); script_xref(name:"JSA", value:"JSA10804"); script_xref(name:"EDB-ID", value:"30395"); script_name(english:"Juniper Junos PHP multiple vulnerabilities (JSA10804)"); script_summary(english:"Checks the Junos version."); script_set_attribute(attribute:"synopsis", value: "The remote device is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version : - An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the 'open_basedir' constraint. (CVE-2012-3365) - A heap-based buffer overflow condition exists in file ext/xml/xml.c due to not properly considering parsing depth. An unauthenticated, remote attacker can exploit this issue, via a specially crafted XML document that is processed by the xml_parse_into_struct() function, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-4113) - A memory corruption issue exists in the PHP OpenSSL extension in the openssl_x509_parse() function due to improper sanitization of user-supplied input when parsing 'notBefore' and 'notAfter' timestamps in X.509 certificates. An unauthenticated, remote attacker can exploit this issue, via a specially crafted certificate, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-6420) - A double-free error exists in the zend_ts_hash_graceful_destroy() function within file Zend/zend_ts_hash.c that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2014-9425)"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10804"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant Junos software release referenced in Juniper security advisory JSA10804."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/19"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/31"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version"); exit(0); } include("audit.inc"); include("junos_kb_cmd_func.inc"); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); fixes = make_array(); fixes['12.1X46'] = '12.1X46-D65'; fixes['12.1X47'] = '12.1X47-D40'; fixes['12.3R12'] = '12.3R12-S5'; fixes['12.3X48'] = '12.3X48-D35'; fixes['14.2'] = '14.2R8'; fixes['15.1'] = '15.1R4'; fixes['15.1X49'] = '15.1X49-D50'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); # Check for J-Web override = TRUE; buf = junos_command_kb_item(cmd:"show configuration \| display set"); if (buf) { pattern = "^set system services web-management http(s)? interface"; if (!junos_check_config(buf:buf, pattern:pattern)) audit(AUDIT_HOST_NOT, 'affected because J-Web is not enabled'); override = FALSE; } junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_APACHE2-MOD_PHP53-120802.NASL
description	Three security bugs have been fixed in PHP5. - php5: potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365) - An out of band read sql denial of service has been fixed (bnc#769785). (CVE-2012-3450)
last seen	2020-06-05
modified	2013-01-25
plugin id	64105
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64105
title	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(64105); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2688", "CVE-2012-3365", "CVE-2012-3450"); script_name(english:"SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Three security bugs have been fixed in PHP5. - php5: potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365) - An out of band read sql denial of service has been fixed (bnc#769785). (CVE-2012-3450)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772582" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2688.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3365.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3450.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6634."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"apache2-mod_php53-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-bcmath-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-bz2-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-calendar-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-ctype-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-curl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-dba-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-dom-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-exif-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-fastcgi-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-fileinfo-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-ftp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-gd-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-gettext-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-gmp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-iconv-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-intl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-json-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-ldap-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-mbstring-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-mcrypt-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-mysql-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-odbc-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-openssl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-pcntl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-pdo-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-pear-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-pgsql-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-pspell-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-shmop-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-snmp-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-soap-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-suhosin-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-sysvmsg-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-sysvsem-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-sysvshm-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-tokenizer-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-wddx-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-xmlreader-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-xmlrpc-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-xmlwriter-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-xsl-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-zip-5.3.8-0.35.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"php53-zlib-5.3.8-0.35.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 54612 CVE ID: CVE-2012-3365 PHP 是一种 HTML 内嵌式的语言，PHP与微软的ASP颇有几分相似，都是一种在服务器端执行的嵌入HTML文档的脚本语言，语言的风格有类似于C语言，现在被很多的网站编程人员广泛的运用。 PHP 5.3.15之前版本在SQLite扩展中存在错误，可被利用绕过"open_basedir"功能。 0 PHP 5.3.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net
id	SSV:60290
last seen	2017-11-19
modified	2012-07-24
published	2012-07-24
reporter	Root
title	PHP 5.3.x 'open_basedir'安全限制绕过漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Seebug

References