CVE-2013-4635 - Numeric Errors vulnerability in PHP

CVSS 5.0 - MEDIUM

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Tags: network, low complexity, php, CWE-189, nessus

Summary

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.

Vulnerable Configurations

Part         Description  Count
Application  Php          492

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2013-1316-1.NASL
    description: The following security issues have been fixed: CVE-2013-4635 (bnc#828020): Integer overflow in SdnToJewish(); CVE-2013-4113 (bnc#829207): heap corruption due to badly formed xml. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83598
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83598
    title: SUSE SLES11 Security Update : PHP5 (SUSE-SU-2013:1316-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2013:1316-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83598);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4113", "CVE-2013-4635");
      script_bugtraq_id(60731, 61128);
    
      script_name(english:"SUSE SLES11 Security Update : PHP5 (SUSE-SU-2013:1316-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following security issues have been fixed :
    
      - CVE-2013-4635 (bnc#828020):
      - Integer overflow in SdnToJewish()
    
      - CVE-2013-4113 (bnc#829207):
      - heap corruption due to badly formed xml
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.suse.com/patch/finder/?keywords=b35f4744a67f955b03d2752b14164d9a
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?765b1604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4113.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4635.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/829207"
      );
      # https://www.suse.com/support/update/announcement/2013/suse-su-20131316-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3fb87d77"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11 SP3 :
    
    zypper in -t patch sdksp3-apache2-mod_php53-8088
    
    SUSE Linux Enterprise Server 11 SP3 for VMware :
    
    zypper in -t patch slessp3-apache2-mod_php53-8088
    
    SUSE Linux Enterprise Server 11 SP3 :
    
    zypper in -t patch slessp3-apache2-mod_php53-8088
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-mod_php53-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bcmath-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bz2-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-calendar-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ctype-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-curl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dba-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dom-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-exif-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fastcgi-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fileinfo-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ftp-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gd-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gettext-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gmp-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-iconv-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-intl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-json-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ldap-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mbstring-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mcrypt-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mysql-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-odbc-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-openssl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pcntl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pdo-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pear-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pgsql-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pspell-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-shmop-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-snmp-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-soap-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-suhosin-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvmsg-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvsem-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvshm-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-tokenizer-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-wddx-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlreader-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlrpc-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlwriter-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xsl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zip-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zlib-5.3.17-0.15.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP5");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP53-130718.NASL
    description: The following security issues have been fixed: (bnc#828020, CVE-2013-4635): Integer overflow in SdnToJewish(); (bnc#829207, CVE-2013-4113): heap corruption due to badly formed xml.
    last seen: 2020-06-05
    modified: 2013-08-10
    plugin id: 69296
    published: 2013-08-10
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69296
    title: SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69296);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1635", "CVE-2013-1643", "CVE-2013-4113", "CVE-2013-4635");
    
      script_name(english:"SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following security issues have been fixed :
    
      - (bnc#828020):. (CVE-2013-4635)
    
      - Integer overflow in SdnToJewish()
    
      - (bnc#829207):. (CVE-2013-4113)
    
      - heap corruption due to badly formed xml"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829207"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1635.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1643.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4113.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4635.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8087 / 8088 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"apache2-mod_php53-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-bcmath-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-bz2-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-calendar-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-ctype-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-curl-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-dba-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-dom-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-exif-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-fastcgi-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-fileinfo-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-ftp-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-gd-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-gettext-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-gmp-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-iconv-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-intl-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-json-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-ldap-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-mbstring-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-mcrypt-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-mysql-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-odbc-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-openssl-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pcntl-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pdo-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pear-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pgsql-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-pspell-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-shmop-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-snmp-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-soap-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-suhosin-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-sysvmsg-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-sysvsem-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-sysvshm-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-tokenizer-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-wddx-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xmlreader-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xmlrpc-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xmlwriter-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-xsl-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-zip-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"php53-zlib-5.3.8-0.41.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"apache2-mod_php53-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-bcmath-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-bz2-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-calendar-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-ctype-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-curl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-dba-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-dom-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-exif-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-fastcgi-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-fileinfo-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-ftp-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-gd-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-gettext-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-gmp-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-iconv-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-intl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-json-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-ldap-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-mbstring-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-mcrypt-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-mysql-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-odbc-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-openssl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-pcntl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-pdo-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-pear-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-pgsql-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-pspell-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-shmop-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-snmp-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-soap-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-suhosin-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-sysvmsg-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-sysvsem-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-sysvshm-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-tokenizer-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-wddx-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-xmlreader-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-xmlrpc-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-xmlwriter-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-xsl-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-zip-5.3.17-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"php53-zlib-5.3.17-0.15.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_5DEF3175F3F94476BA40B46627CC638C.NASL
    description: The PHP development team reports : Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68918
    published: 2013-07-17
    reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68918
    title: FreeBSD : PHP5 -- Integer overflow in Calendar module (5def3175-f3f9-4476-ba40-b46627cc638c)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68918);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/10 11:49:43");
    
      script_cve_id("CVE-2013-4635");
    
      script_name(english:"FreeBSD : PHP5 -- Integer overflow in Calendar module (5def3175-f3f9-4476-ba40-b46627cc638c)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PHP development team reports :
    
    Integer overflow in the SdnToJewish function in jewish.c in the
    Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
    context-dependent attackers to cause a denial of service (application
    hang) via a large argument to the jdtojewish function."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.php.net/bug.php?id=64895"
      );
      # https://vuxml.freebsd.org/freebsd/5def3175-f3f9-4476-ba40-b46627cc638c.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fcaa93ec"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php53");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"php5>=5.4.0<5.4.16")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php53<5.3.26")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: CGI abuses
    NASL id: PHP_5_4_16.NASL
    description: According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.16. It is, therefore, potentially affected by the following vulnerabilities: - An error exists in the mimetype detection of
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66843
    published: 2013-06-07
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66843
    title: PHP 5.4.x < 5.4.16 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66843);
      script_version("1.15");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id("CVE-2013-2110", "CVE-2013-4635", "CVE-2013-4636");
      script_bugtraq_id(60411, 60728, 60731);
    
      script_name(english:"PHP 5.4.x < 5.4.16 Multiple Vulnerabilities");
      script_summary(english:"Checks version of PHP");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is potentially
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP 5.4.x installed on the
    remote host is prior to 5.4.16.  It is, therefore, potentially 
    affected by the following vulnerabilities:
    
      - An error exists in the mimetype detection of 'mp3' files
        that could lead to a denial of service. (Bug #64830)
    
      - An error exists in the function 'php_quot_print_encode'
        in the file 'ext/standard/quot_print.c' that could allow
        a heap-based buffer overflow when attempting to parse
        certain strings. (Bug #64879)
    
      - An integer overflow error exists related to the value
        of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c'
        that could allow denial of service attacks. (Bug #64895)
    
    Note that this plugin does not attempt to exploit these 
    vulnerabilities, but instead relies only on PHP's self-reported
    version number.");
      # https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?60cbc5f0");
      # http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/calendar/jewish.c;h=fcc0e5c0b878ebdd41dfeaecf148b755cd5e6f2d;hp=1e7a06c8a6dd0d6bf3b24f912a7fd40b53cbef69;hb=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef;hpb=d4ad8898247da4eca2221e564eb8c025bc783a0b
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8456482e");
      script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.4.16");
      script_set_attribute(attribute:"solution", value:
    "Apply the vendor patch or upgrade to PHP version 5.4.16 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4635");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/07");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.4)?$") exit(1, "The banner from the PHP install associated with port "+port+" - "+version+" - is not granular enough to make a determination.");
    if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);
    
    if (version =~ "^5\.4\.([0-9]|1[0-5])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : '+source +
          '\n  Installed version : '+version+
          '\n  Fixed version     : 5.4.16\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1905-1.NASL
    description: It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. (CVE-2013-4113) It was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. (CVE-2013-4635). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68923
    published: 2013-07-17
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68923
    title: Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : php5 vulnerabilities (USN-1905-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP53-130717.NASL
    description: The following security issues have been fixed : - (bnc#828020):. (CVE-2013-4635) - Integer overflow in SdnToJewish() - (bnc#829207):. (CVE-2013-4113) - heap corruption due to badly formed xml
    last seen: 2020-06-05
    modified: 2013-08-10
    plugin id: 69295
    published: 2013-08-10
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69295
    title: SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP5-130718.NASL
    description: The following security issues have been fixed : - (bnc#828020):. (CVE-2013-4635) - Integer overflow in SdnToJewish() - (bnc#807707):. (CVE-2013-1635 / CVE-2013-1643) - reading system files via untrusted SOAP input - soap.wsdl_cache_dir function did not honour PHP open_basedir - (bnc#829207):. (CVE-2013-4113) - heap corruption due to badly formed xml
    last seen: 2020-06-05
    modified: 2013-08-10
    plugin id: 69294
    published: 2013-08-10
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69294
    title: SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8086)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_PHP_20140401.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80736
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80736
    title: Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)
  • NASL family: CGI abuses
    NASL id: PHP_5_3_26.NASL
    description: According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.26. It is, therefore, potentially affected by the following vulnerabilities: - An error exists in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66842
    published: 2013-06-07
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66842
    title: PHP 5.3.x < 5.3.26 Multiple Vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201408-11.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77455
    published: 2014-08-30
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77455
    title: GLSA-201408-11 : PHP: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-604.NASL
    description: - fixing the following security issues : - CVE-2013-4635.patch (bnc#828020) : - Integer overflow in the SdnToJewish - CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707) : - reading system files via untrusted SOAP input - soap.wsdl_cache_dir function did not honour PHP open_basedir - CVE-2013-4113.patch (bnc#829207) : - heap corruption due to badly formed xml
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75096
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75096
    title: openSUSE Security Update : php5 (openSUSE-SU-2013:1244-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_APACHE2-MOD_PHP5-8647.NASL
    description: The following security issues have been fixed : - (bnc#828020): o Integer overflow in SdnToJewish(). (CVE-2013-4635) - (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir. (CVE-2013-1635 / CVE-2013-1643) - (bnc#829207): o heap corruption due to badly formed xml. (CVE-2013-4113)
    last seen: 2020-06-05
    modified: 2013-08-01
    plugin id: 69172
    published: 2013-08-01
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69172
    title: SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8647)