Vulnerabilities > CVE-2013-4113 - Out-of-bounds Write vulnerability in PHP
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-1316-1.NASL description The following security issues have been fixed : - CVE-2013-4635 (bnc#828020): - Integer overflow in SdnToJewish() - CVE-2013-4113 (bnc#829207): - heap corruption due to badly formed xml Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83598 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83598 title SUSE SLES11 Security Update : PHP5 (SUSE-SU-2013:1316-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2013:1316-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83598); script_version("2.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4113", "CVE-2013-4635"); script_bugtraq_id(60731, 61128); script_name(english:"SUSE SLES11 Security Update : PHP5 (SUSE-SU-2013:1316-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following security issues have been fixed : - CVE-2013-4635 (bnc#828020): - Integer overflow in SdnToJewish() - CVE-2013-4113 (bnc#829207): - heap corruption due to badly formed xml Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://download.suse.com/patch/finder/?keywords=b35f4744a67f955b03d2752b14164d9a script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?765b1604" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4113.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4635.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/828020" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/829207" ); # https://www.suse.com/support/update/announcement/2013/suse-su-20131316-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3fb87d77" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11 SP3 : zypper in -t patch sdksp3-apache2-mod_php53-8088 SUSE Linux Enterprise Server 11 SP3 for VMware : zypper in -t patch slessp3-apache2-mod_php53-8088 SUSE Linux Enterprise Server 11 SP3 : zypper in -t patch slessp3-apache2-mod_php53-8088 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-mod_php53-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bcmath-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bz2-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-calendar-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ctype-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-curl-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dba-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dom-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-exif-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fastcgi-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fileinfo-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ftp-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gd-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gettext-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gmp-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-iconv-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-intl-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-json-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ldap-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mbstring-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mcrypt-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mysql-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-odbc-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-openssl-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pcntl-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pdo-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pear-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pgsql-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pspell-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-shmop-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-snmp-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-soap-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-suhosin-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvmsg-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvsem-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvshm-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-tokenizer-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-wddx-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlreader-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlrpc-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlwriter-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xsl-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zip-5.3.17-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zlib-5.3.17-0.15.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP5"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1061.NASL description Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.2 and 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79287 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79287 title RHEL 5 / 6 : php (RHSA-2013:1061) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:1061. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(79287); script_version("1.7"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-4113"); script_bugtraq_id(61128); script_xref(name:"RHSA", value:"2013:1061"); script_name(english:"RHEL 5 / 6 : php (RHSA-2013:1061)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.2 and 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4113.html" ); script_set_attribute( attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2013-1061.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ncurses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-zts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^(5\.3|5\.6|6\.2|6\.3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.3 / 5.6 / 6.2 / 6.3", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:1061"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { sp = get_kb_item("Host/RedHat/minor_release"); if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); flag = 0; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-bcmath-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-bcmath-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-bcmath-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-bcmath-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-bcmath-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-cli-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-cli-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-cli-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-cli-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-cli-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-common-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-common-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-common-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-common-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-common-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-dba-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-dba-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-dba-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-dba-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-dba-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-debuginfo-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-debuginfo-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-debuginfo-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-debuginfo-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-debuginfo-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-devel-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-devel-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-devel-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-devel-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-devel-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-gd-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-gd-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-gd-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-gd-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-gd-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-imap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-imap-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-imap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-imap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-imap-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-ldap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-ldap-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-ldap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-ldap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-ldap-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-mbstring-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-mbstring-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-mbstring-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-mbstring-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-mbstring-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-mysql-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-mysql-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-mysql-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-mysql-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-mysql-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-ncurses-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-ncurses-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-ncurses-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-ncurses-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-ncurses-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-odbc-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-odbc-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-odbc-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-odbc-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-odbc-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-pdo-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-pdo-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-pdo-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-pdo-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-pdo-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-pgsql-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-pgsql-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-pgsql-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-pgsql-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-pgsql-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-snmp-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-snmp-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-snmp-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-snmp-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-snmp-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-soap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-soap-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-soap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-soap-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-soap-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-xml-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-xml-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-xml-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-xml-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-xml-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"php-xmlrpc-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"php-xmlrpc-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"php-xmlrpc-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"php-xmlrpc-5.1.6-27.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"php-xmlrpc-5.1.6-23.4.el5_3")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-bcmath-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-bcmath-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-bcmath-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-bcmath-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-bcmath-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-bcmath-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-cli-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-cli-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-cli-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-cli-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-cli-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-cli-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-common-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-common-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-common-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-common-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-common-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-common-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-dba-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-dba-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-dba-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-dba-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-dba-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-dba-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-debuginfo-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-debuginfo-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-debuginfo-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-debuginfo-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-debuginfo-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-debuginfo-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-devel-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-devel-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-devel-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-devel-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-devel-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-devel-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-embedded-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-embedded-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-embedded-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-embedded-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-embedded-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-embedded-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-enchant-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-enchant-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-enchant-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-enchant-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-enchant-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-enchant-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-gd-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-gd-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-gd-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-gd-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-gd-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-gd-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-imap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-imap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-imap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-imap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-imap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-imap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-intl-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-intl-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-intl-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-intl-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-intl-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-intl-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-ldap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-ldap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-ldap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-ldap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-ldap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-ldap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-mbstring-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-mbstring-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-mbstring-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-mbstring-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-mbstring-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-mbstring-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-mysql-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-mysql-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-mysql-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-mysql-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-mysql-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-mysql-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-odbc-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-odbc-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-odbc-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-odbc-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-odbc-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-odbc-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-pdo-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-pdo-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-pdo-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-pdo-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-pdo-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-pdo-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-pgsql-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-pgsql-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-pgsql-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-pgsql-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-pgsql-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-pgsql-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-process-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-process-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-process-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-process-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-process-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-process-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-pspell-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-pspell-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-pspell-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-pspell-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-pspell-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-pspell-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-recode-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-recode-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-recode-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-recode-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-recode-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-recode-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-snmp-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-snmp-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-snmp-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-snmp-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-snmp-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-snmp-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-soap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-soap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-soap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-soap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-soap-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-soap-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-tidy-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-tidy-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-tidy-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-tidy-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-tidy-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-tidy-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-xml-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-xml-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-xml-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-xml-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-xml-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-xml-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-xmlrpc-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-xmlrpc-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-xmlrpc-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-xmlrpc-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-xmlrpc-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-xmlrpc-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"php-zts-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"php-zts-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"php-zts-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"php-zts-5.3.3-3.el6_2.10")) flag++; if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"php-zts-5.3.3-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"php-zts-5.3.3-3.el6_2.10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc"); } }NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15169.NASL description ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. last seen 2020-06-01 modified 2020-06-02 plugin id 83477 published 2015-05-15 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83477 title F5 Networks BIG-IP : PHP vulnerability (SOL15169) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution SOL15169. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(83477); script_version("2.7"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2013-4113"); script_bugtraq_id(61128); script_name(english:"F5 Networks BIG-IP : PHP vulnerability (SOL15169)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K15169" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL15169." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "SOL15169"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.4.1"); vmatrix["AFM"]["unaffected"] = make_list("11.5.0-11.6.0"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("11.4.0-11.4.1"); vmatrix["AM"]["unaffected"] = make_list("11.5.0-11.6.0"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("11.5.0-11.6.0"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["ASM"]["unaffected"] = make_list("11.5.0-11.6.0"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.4.1"); vmatrix["AVR"]["unaffected"] = make_list("11.5.0-11.6.0"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["GTM"]["unaffected"] = make_list("11.5.0-11.6.0"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["LC"]["unaffected"] = make_list("11.5.0-11.6.0"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["LTM"]["unaffected"] = make_list("11.5.0-11.6.0"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.4.1"); vmatrix["PEM"]["unaffected"] = make_list("11.5.0-11.6.0"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1050.NASL description Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68866 published 2013-07-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68866 title RHEL 5 : php53 (RHSA-2013:1050) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:1050. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(68866); script_version("1.19"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-4113"); script_xref(name:"RHSA", value:"2013:1050"); script_name(english:"RHEL 5 : php53 (RHSA-2013:1050)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:1050" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4113" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:1050"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-bcmath-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-bcmath-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-bcmath-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-cli-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-cli-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-cli-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-common-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-common-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-common-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-dba-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-dba-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-dba-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-debuginfo-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-debuginfo-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-debuginfo-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-devel-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-devel-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-devel-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-gd-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-gd-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-gd-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-imap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-imap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-imap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-intl-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-intl-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-intl-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-ldap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-ldap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-ldap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-mbstring-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-mbstring-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-mbstring-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-mysql-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-mysql-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-mysql-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-odbc-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-odbc-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-odbc-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-pdo-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-pdo-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-pdo-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-pgsql-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-pgsql-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-pgsql-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-process-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-process-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-process-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-pspell-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-pspell-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-pspell-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-snmp-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-snmp-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-snmp-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-soap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-soap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-soap-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-xml-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-xml-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-xml-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php53-xmlrpc-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php53-xmlrpc-5.3.3-13.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php53-xmlrpc-5.3.3-13.el5_9.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc"); } }NASL family Fedora Local Security Checks NASL id FEDORA_2013-12315.NASL description 04 Jul 2013, PHP 5.4.17 Core : - Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence) - Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence) - Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence) - Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy) - Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol) - Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz) DateTime : - Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol) FPM : - Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi) - Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan) PDO : - Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence) PDO_DBlib : - Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool) - Fixed bug #64338 (pdo_dblib can last seen 2020-03-17 modified 2013-07-23 plugin id 69000 published 2013-07-23 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69000 title Fedora 18 : php-5.4.17-2.fc18 (2013-12315) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-12315. # include("compat.inc"); if (description) { script_id(69000); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4113"); script_bugtraq_id(61128); script_xref(name:"FEDORA", value:"2013-12315"); script_name(english:"Fedora 18 : php-5.4.17-2.fc18 (2013-12315)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "04 Jul 2013, PHP 5.4.17 Core : - Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence) - Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence) - Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence) - Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy) - Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol) - Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz) DateTime : - Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol) FPM : - Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi) - Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan) PDO : - Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence) PDO_DBlib : - Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool) - Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley Sufficool) - Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). (Stanley Sufficool) PDO_firebird : - Fixed bug #64037 (Firebird return wrong value for numeric field). (Matheus Degiovani, Matteo) - Fixed bug #62024 (Cannot insert second row with null using parametrized query). (patch by james at kenjim.com, Matheus Degiovani, Matteo) PDO_mysql : - Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). (Antony, Daniel Beardsley) PDO_pgsql : - Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi) pgsql : - Fixed bug #64609 (pg_convert enum type support). (Matteo) Readline : - Implement FR #55694 (Expose additional readline variable to prevent default filename completion). (Hartmel) SPL : - Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems). (Laruence) Backported from 5.4.18 CGI : - Fixed Bug #65143 (Missing php-cgi man page). (Remi) Phar : - Fixed Bug #65142 (Missing phar man page). (Remi) XML : - Fixed bug #65236 (heap corruption in xml parser). CVE-2013-4113 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=983689" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112237.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a91adb17" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"php-5.4.17-2.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-12977.NASL description XML : - Fixed bug #65236 (heap corruption in xml parser). CVE-2013-4113 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-19 plugin id 68973 published 2013-07-19 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68973 title Fedora 19 : php-5.5.0-2.fc19 (2013-12977) NASL family Scientific Linux Local Security Checks NASL id SL_20130712_PHP_ON_SL5_X.NASL description A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially- crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2013-07-14 plugin id 68868 published 2013-07-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68868 title Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64 (20130712) NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP53-130718.NASL description The following security issues have been fixed : - (bnc#828020):. (CVE-2013-4635) - Integer overflow in SdnToJewish() - (bnc#829207):. (CVE-2013-4113) - heap corruption due to badly formed xml last seen 2020-06-05 modified 2013-08-10 plugin id 69296 published 2013-08-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69296 title SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088) NASL family MacOS X Local Security Checks NASL id MACOSX_10_9_2.NASL description The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72687 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72687 title Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-211.NASL description A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) last seen 2020-06-01 modified 2020-06-02 plugin id 69769 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69769 title Amazon Linux AMI : php (ALAS-2013-211) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1050.NASL description Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68859 published 2013-07-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68859 title CentOS 5 : php53 (CESA-2013:1050) NASL family CGI abuses NASL id PHP_5_5_1.NASL description According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.1. It is, therefore, potentially affected by a buffer overflow error that exists in the file last seen 2020-06-01 modified 2020-06-02 plugin id 69348 published 2013-08-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69348 title PHP 5.5.x < 5.5.1 xml.c Buffer Overflow NASL family CGI abuses NASL id PHP_5_4_18.NASL description According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.19. It is, therefore, potentially affected by the following vulnerabilities : - A heap corruption error exists in numerous functions in the file last seen 2020-06-01 modified 2020-06-02 plugin id 69401 published 2013-08-21 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69401 title PHP 5.4.x < 5.4.19 Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1049.NASL description Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68858 published 2013-07-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68858 title CentOS 5 / 6 : php (CESA-2013:1049) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1905-1.NASL description It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. (CVE-2013-4113) It was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. (CVE-2013-4635). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 68923 published 2013-07-17 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68923 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : php5 vulnerabilities (USN-1905-1) NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP53-130717.NASL description The following security issues have been fixed : - (bnc#828020):. (CVE-2013-4635) - Integer overflow in SdnToJewish() - (bnc#829207):. (CVE-2013-4113) - heap corruption due to badly formed xml last seen 2020-06-05 modified 2013-08-10 plugin id 69295 published 2013-08-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69295 title SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088) NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP5-130718.NASL description The following security issues have been fixed : - (bnc#828020):. (CVE-2013-4635) - Integer overflow in SdnToJewish() - (bnc#807707):. (CVE-2013-1635 / CVE-2013-1643) - reading system files via untrusted SOAP input - soap.wsdl_cache_dir function did not honour PHP open_basedir - (bnc#829207):. (CVE-2013-4113) - heap corruption due to badly formed xml last seen 2020-06-05 modified 2013-08-10 plugin id 69294 published 2013-08-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69294 title SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8086) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-197-01.NASL description New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 68916 published 2013-07-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68916 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : php (SSA:2013-197-01) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1049.NASL description Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68865 published 2013-07-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68865 title RHEL 5 / 6 : php (RHSA-2013:1049) NASL family Solaris Local Security Checks NASL id SOLARIS11_PHP_20140401.NASL description The remote Solaris system is missing necessary patches to address security updates : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an last seen 2020-06-01 modified 2020-06-02 plugin id 80736 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80736 title Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1063.NASL description Description of changes: [4.3.9-3.37.0.1] - rebuild with higher version [4.3.9-3.36.0.1] - add security fix for CVE-2013-4113 (orabz: #15820) last seen 2020-06-01 modified 2020-06-02 plugin id 69009 published 2013-07-23 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69009 title Oracle Linux 4 : php (ELSA-2013-1063) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10804.NASL description According to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version : - An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 102079 published 2017-07-31 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102079 title Juniper Junos PHP multiple vulnerabilities (JSA10804) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1050.NASL description From Red Hat Security Advisory 2013:1050 : Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68864 published 2013-07-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68864 title Oracle Linux 5 : php53 (ELSA-2013-1050) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_31B145F2D9D349A9802311CF742205DC.NASL description The PHP development team reports : ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. last seen 2020-06-01 modified 2020-06-02 plugin id 68917 published 2013-07-17 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68917 title FreeBSD : PHP5 -- Heap corruption in XML parser (31b145f2-d9d3-49a9-8023-11cf742205dc) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1062.NASL description Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79288 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79288 title RHEL 5 : php53 (RHSA-2013:1062) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1049.NASL description From Red Hat Security Advisory 2013:1049 : Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68863 published 2013-07-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68863 title Oracle Linux 5 / 6 : php (ELSA-2013-1049) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-212.NASL description A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) last seen 2020-06-01 modified 2020-06-02 plugin id 69770 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69770 title Amazon Linux AMI : php54 (ALAS-2013-212) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-11.NASL description The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77455 published 2014-08-30 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77455 title GLSA-201408-11 : PHP: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-604.NASL description - fixing the following security issues : - CVE-2013-4635.patch (bnc#828020) : - Integer overflow in the SdnToJewish - CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707) : - reading system files via untrusted SOAP input - soap.wsdl_cache_dir function did not honour PHP open_basedir - CVE-2013-4113.patch (bnc#829207) : - heap corruption due to badly formed xml last seen 2020-06-05 modified 2014-06-13 plugin id 75096 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75096 title openSUSE Security Update : php5 (openSUSE-SU-2013:1244-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-195.NASL description A vulnerability has been discovered and corrected in php : - Fixed PHP bug #65236 (heap corruption in xml parser) (CVE-2013-4113). The updated packages have been upgraded to the 5.3.27 version which is not vulnerable to this issue. The php-timezonedb package has been updated to the 2013.4 version. Additionally, some packages which requires so has been rebuilt for php-5.3.27. last seen 2020-06-01 modified 2020-06-02 plugin id 68862 published 2013-07-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68862 title Mandriva Linux Security Advisory : php (MDVSA-2013:195) NASL family Fedora Local Security Checks NASL id FEDORA_2013-12354.NASL description 04 Jul 2013, PHP 5.4.17 Core : - Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence) - Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence) - Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence) - Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy) - Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol) - Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz) DateTime : - Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol) FPM : - Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi) - Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan) PDO : - Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence) PDO_DBlib : - Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool) - Fixed bug #64338 (pdo_dblib can last seen 2020-03-17 modified 2013-07-23 plugin id 69001 published 2013-07-23 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69001 title Fedora 17 : php-5.4.17-2.fc17 (2013-12354) NASL family CGI abuses NASL id PHP_5_3_27.NASL description According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.27. It is, therefore, potentially affected by the following vulnerabilities: - A buffer overflow error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 67259 published 2013-07-12 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67259 title PHP 5.3.x < 5.3.27 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2723.NASL description It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. last seen 2020-03-17 modified 2013-07-18 plugin id 68942 published 2013-07-18 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68942 title Debian DSA-2723-1 : php5 - heap corruption NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-8647.NASL description The following security issues have been fixed : - (bnc#828020): o Integer overflow in SdnToJewish(). (CVE-2013-4635) - (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir. (CVE-2013-1635 / CVE-2013-1643) - (bnc#829207): o heap corruption due to badly formed xml. (CVE-2013-4113) last seen 2020-06-05 modified 2013-08-01 plugin id 69172 published 2013-08-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69172 title SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8647) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2014-001.NASL description The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date and Time - File Bookmark - ImageIO - IOSerialFamily - LaunchServices - NVIDIA Drivers - PHP - QuickLook - QuickTime - Secure Transport Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72688 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72688 title Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST) NASL family Scientific Linux Local Security Checks NASL id SL_20130712_PHP53_ON_SL5_X.NASL description A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially- crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2013-07-14 plugin id 68867 published 2013-07-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68867 title Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130712)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugs.php.net/bug.php?id=65236
- http://php.net/archive/2013.php#id2013-07-11-1
- https://bugzilla.redhat.com/show_bug.cgi?id=983689
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2013-1049.html
- http://rhn.redhat.com/errata/RHSA-2013-1050.html
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
- http://www.debian.org/security/2013/dsa-2723
- http://secunia.com/advisories/54165
- http://secunia.com/advisories/54163
- http://secunia.com/advisories/54071
- http://rhn.redhat.com/errata/RHSA-2013-1061.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html
- http://rhn.redhat.com/errata/RHSA-2013-1063.html
- http://www.ubuntu.com/usn/USN-1905-1
- http://secunia.com/advisories/54104
- http://rhn.redhat.com/errata/RHSA-2013-1062.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
- http://support.apple.com/kb/HT6150
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=7d163e8a0880ae8af2dd869071393e5dc07ef271