Vulnerabilities > CVE-2014-3478 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

christos-zoulas

php

CWE-119

nessus

NVD

Published: 2014-07-09

Updated: 2016-11-28

Summary

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

Vulnerable Configurations

Part	Description	Count
Application	Christos_Zoulas Christos Zoulas File 5.00 Christos Zoulas File 5.01 Christos Zoulas File 5.02 Christos Zoulas File 5.03 Christos Zoulas File 5.04 Christos Zoulas File 5.05 Christos Zoulas File 5.06 Christos Zoulas File 5.07 Christos Zoulas File 5.08 Christos Zoulas File 5.09 Christos Zoulas File 5.10 Christos Zoulas File 5.11 Christos Zoulas File 5.12 Christos Zoulas File 5.13 Christos Zoulas File 5.14 Christos Zoulas File 5.15 Christos Zoulas File 5.16 Christos Zoulas File 5.17 Christos Zoulas File 5.18	19
Application	Php PHP PHP 5.4.0 PHP PHP 5.4.1 PHP PHP 5.4.2 PHP PHP 5.4.3 PHP PHP 5.4.4 PHP PHP 5.4.5 PHP PHP 5.4.6 PHP PHP 5.4.7 PHP PHP 5.4.8 PHP PHP 5.4.9 PHP PHP 5.4.10 PHP PHP 5.4.11 PHP PHP 5.4.12 PHP PHP 5.4.13 PHP PHP 5.4.14 PHP PHP 5.4.15 PHP PHP 5.4.16 PHP PHP 5.4.17 PHP PHP 5.4.18 PHP PHP 5.4.19 PHP PHP 5.4.20 PHP PHP 5.4.21 PHP PHP 5.4.22 PHP PHP 5.4.23 PHP PHP 5.4.24 PHP PHP 5.4.25 PHP PHP 5.4.26 PHP PHP 5.4.27 PHP PHP 5.4.28 PHP PHP - PHP PHP 0.1 PHP PHP 0.1.1 PHP PHP 0.2 PHP PHP 0.2.0 PHP PHP 0.2.1 PHP PHP 0.2.2 PHP PHP 0.2.3 PHP PHP 0.2.4 PHP PHP 0.3 PHP PHP 0.4 PHP PHP 0.5 PHP PHP 0.5.2 PHP PHP 0.5.3 PHP PHP 0.6 PHP PHP 0.7 PHP PHP 0.9 PHP PHP 0.9.0 PHP PHP 0.9.1 PHP PHP 0.9.2 PHP PHP 0.9.3 PHP PHP 0.9.4 PHP PHP 0.10 PHP PHP 0.11 PHP PHP 0.90 PHP PHP 0.91 PHP PHP 1.0 PHP PHP 1.0.0 PHP PHP 1.0.1 PHP PHP 1.0.2 PHP PHP 1.0.3 PHP PHP 1.0.4 PHP PHP 1.1 PHP PHP 1.1.0 PHP PHP 1.1.1 PHP PHP 1.2 PHP PHP 1.2.0 PHP PHP 1.2.1 PHP PHP 1.2.2 PHP PHP 1.2.3 PHP PHP 1.2.4 PHP PHP 1.2.5 PHP PHP 1.3 PHP PHP 1.3.1 PHP PHP 1.3.5 PHP PHP 1.4 PHP PHP 1.5 PHP PHP 2.0 PHP PHP 2.0.0 PHP PHP 2.0.1 PHP PHP 2.0.2 PHP PHP 2.0B10 PHP PHP 3.0 PHP PHP 3.0.1 PHP PHP 3.0.2 PHP PHP 3.0.3 PHP PHP 3.0.4 PHP PHP 3.0.5 PHP PHP 3.0.6 PHP PHP 3.0.7 PHP PHP 3.0.8 PHP PHP 3.0.9 PHP PHP 3.0.10 PHP PHP 3.0.11 PHP PHP 3.0.12 PHP PHP 3.0.13 PHP PHP 3.0.14 PHP PHP 3.0.15 PHP PHP 3.0.16 PHP PHP 3.0.17 PHP PHP 3.0.18 PHP PHP 4.0 PHP PHP 4.0.0 PHP PHP 4.0.1 PHP PHP 4.0.2 PHP PHP 4.0.3 PHP PHP 4.0.4 PHP PHP 4.0.5 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.1.0 PHP PHP 4.1.1 PHP PHP 4.1.2 PHP PHP 4.1.3 PHP PHP 4.2 PHP PHP 4.2.0 PHP PHP 4.2.1 PHP PHP 4.2.2 PHP PHP 4.2.3 PHP PHP 4.2.4 PHP PHP 4.3 PHP PHP 4.3.0 PHP PHP 4.3.1 PHP PHP 4.3.2 PHP PHP 4.3.3 PHP PHP 4.3.4 PHP PHP 4.3.5 PHP PHP 4.3.6 PHP PHP 4.3.7 PHP PHP 4.3.8 PHP PHP 4.3.9 PHP PHP 4.3.10 PHP PHP 4.3.11 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 4.4.3 PHP PHP 4.4.4 PHP PHP 4.4.5 PHP PHP 4.4.6 PHP PHP 4.4.7 PHP PHP 4.4.8 PHP PHP 4.4.9 PHP PHP 5.0.0 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP PHP 5.1.4 PHP PHP 5.1.5 PHP PHP 5.1.6 PHP PHP 5.2.0 PHP PHP 5.2.1 PHP PHP 5.2.2 PHP PHP 5.2.3 PHP PHP 5.2.4 PHP PHP 5.2.5 PHP PHP 5.2.6 PHP PHP 5.2.7 PHP PHP 5.2.8 PHP PHP 5.2.9 PHP PHP 5.2.10 PHP PHP 5.2.11 PHP PHP 5.2.12 PHP PHP 5.2.13 PHP PHP 5.2.14 PHP PHP 5.2.15 PHP PHP 5.2.16 PHP PHP 5.2.17 PHP PHP 5.3.0 PHP PHP 5.3.1 PHP PHP 5.3.2 PHP PHP 5.3.3 PHP PHP 5.3.4 PHP PHP 5.3.5 PHP PHP 5.3.6 PHP PHP 5.3.7 PHP PHP 5.3.8 PHP PHP 5.3.9 PHP PHP 5.3.10 PHP PHP 5.3.11 PHP PHP 5.3.12 PHP PHP 5.3.13 PHP PHP 5.3.14 PHP PHP 5.3.15 PHP PHP 5.3.16 PHP PHP 5.3.17 PHP PHP 5.3.18 PHP PHP 5.3.19 PHP PHP 5.3.20 PHP PHP 5.3.21 PHP PHP 5.3.22 PHP PHP 5.3.23 PHP PHP 5.3.24 PHP PHP 5.3.25 PHP PHP 5.3.26 PHP PHP 5.3.27 PHP PHP 5.3.28 PHP PHP 5.3.29 PHP PHP 5.4.29 PHP PHP 5.5.0 PHP PHP 5.5.1 PHP PHP 5.5.2 PHP PHP 5.5.3 PHP PHP 5.5.4 PHP PHP 5.5.5 PHP PHP 5.5.6 PHP PHP 5.5.7 PHP PHP 5.5.8 PHP PHP 5.5.9 PHP PHP 5.5.10 PHP PHP 5.5.11 PHP PHP 5.5.12 PHP PHP 5.5.13	611

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-145.NASL
description	Brief introduction CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVE-2014-8117 - Stop reporting bad capabilities after the first few. - limit the number of program and section header number of sections - limit recursion level CVE-2015-TEMP (no official CVE number available yet) - NULL pointer deference (PHP bugs: 68739 68740) - out-of-bounds memory access (file bug: 398) additional patches from CVE-2014-3478 added NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2015-03-26
plugin id	82128
published	2015-03-26
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82128
title	Debian DLA-145-1 : php5 security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-145-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82128); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-0237", "CVE-2014-0238", "CVE-2014-2270", "CVE-2014-8117"); script_bugtraq_id(66002, 67759, 67765, 71692); script_name(english:"Debian DLA-145-1 : php5 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Brief introduction CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVE-2014-8117 - Stop reporting bad capabilities after the first few. - limit the number of program and section header number of sections - limit recursion level CVE-2015-TEMP (no official CVE number available yet) - NULL pointer deference (PHP bugs: 68739 68740) - out-of-bounds memory access (file bug: 398) additional patches from CVE-2014-3478 added NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/01/msg00019.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/php5" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-interbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libapache2-mod-php5", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"libapache2-mod-php5filter", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php-pear", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-cgi", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-cli", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-common", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-curl", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-dbg", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-dev", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-enchant", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-gd", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-gmp", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-imap", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-interbase", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-intl", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-ldap", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-mcrypt", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-mysql", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-odbc", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-pgsql", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-pspell", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-recode", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-snmp", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-sqlite", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-sybase", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-tidy", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-xmlrpc", reference:"5.3.3-7+squeeze24")) flag++; if (deb_check(release:"6.0", prefix:"php5-xsl", reference:"5.3.3-7+squeeze24")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_APACHE2-MOD_PHP53-140720.NASL
description	PHP 5.3 has been updated to fix several security problems : - The SPL component in PHP incorrectly anticipated that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to
last seen	2020-06-05
modified	2014-07-30
plugin id	76909
published	2014-07-30
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76909
title	SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(76909); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721"); script_name(english:"SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "PHP 5.3 has been updated to fix several security problems : - The SPL component in PHP incorrectly anticipated that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage. (CVE-2014-3515) - The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. (CVE-2014-0207) - Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. (CVE-2014-3478) - The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP relied on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. (CVE-2014-3479) - The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file. (CVE-2014-3480) - The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file. (CVE-2014-3487) - Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. (CVE-2014-4670) - Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. (CVE-2014-4698) - The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. (CVE-2014-4721)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884986" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884987" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884989" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884990" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884991" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=885961" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=886059" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=886060" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0207.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3478.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3479.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3480.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3487.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4670.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4698.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4721.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9537."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLES11", sp:3, reference:"apache2-mod_php53-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-bcmath-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-bz2-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-calendar-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-ctype-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-curl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-dba-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-dom-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-exif-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-fastcgi-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-fileinfo-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-ftp-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-gd-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-gettext-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-gmp-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-iconv-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-intl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-json-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-ldap-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-mbstring-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-mcrypt-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-mysql-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-odbc-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-openssl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pcntl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pdo-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pear-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pgsql-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pspell-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-shmop-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-snmp-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-soap-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-suhosin-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvmsg-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvsem-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvshm-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-tokenizer-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-wddx-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlreader-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlrpc-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlwriter-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xsl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-zip-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-zlib-5.3.17-0.27.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2014-131.NASL
description	Updated file packages fix security vulnerabilities : A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). Note: these issues were announced as part of the upstream PHP 5.4.30 release, as PHP bundles file
last seen	2020-06-01
modified	2020-06-02
plugin id	76439
published	2014-07-10
reporter	This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76439
title	Mandriva Linux Security Advisory : file (MDVSA-2014:131)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:131. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(76439); script_version("1.8"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487"); script_bugtraq_id(68120, 68238, 68239, 68241); script_xref(name:"MDVSA", value:"2014:131"); script_name(english:"Mandriva Linux Security Advisory : file (MDVSA-2014:131)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated file packages fix security vulnerabilities : A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). Note: these issues were announced as part of the upstream PHP 5.4.30 release, as PHP bundles file's libmagic library. Their announcement also references an issue in CDF file parsing, CVE-2014-0207, which was previously fixed in the file package in MGASA-2014-0252, but was not announced at that time." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0282.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magic-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magic-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magic1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"file-5.12-1.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64magic-devel-5.12-1.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64magic-static-devel-5.12-1.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64magic1-5.12-1.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"python-magic-5.12-1.3.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-2155.NASL
description	Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	86973
published	2015-11-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86973
title	RHEL 7 : file (RHSA-2015:2155)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2155. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(86973); script_version("2.12"); script_cvs_date("Date: 2019/10/24 15:35:40"); script_cve_id("CVE-2014-0207", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9652", "CVE-2014-9653"); script_xref(name:"RHSA", value:"2015:2155"); script_name(english:"RHEL 7 : file (RHSA-2015:2155)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:2155" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0207" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0237" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0238" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3478" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3479" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3480" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3487" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3538" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3587" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3710" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8116" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8117" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9652" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9653" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:2155"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"file-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"file-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-debuginfo-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-devel-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-libs-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-static-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"python-magic-5.11-31.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-devel / file-libs / file-static / etc"); } }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2014-367.NASL
description	acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes
last seen	2020-06-01
modified	2020-06-02
plugin id	78310
published	2014-10-12
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78310
title	Amazon Linux AMI : php54 (ALAS-2014-367)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-367. # include("compat.inc"); if (description) { script_id(78310); script_version("1.3"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3981", "CVE-2014-4049"); script_xref(name:"ALAS", value:"2014-367"); script_name(english:"Amazon Linux AMI : php54 (ALAS-2014-367)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-367.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php54' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php54-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-cli-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-common-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-dba-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-devel-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-gd-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-imap-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-intl-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-process-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-recode-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-soap-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-xml-5.4.30-1.56.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.30-1.56.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc"); }

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_9_5.NASL
description	The remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.5. This update contains several security-related fixes for the following components : - apache_mod_php - Bluetooth - CoreGraphics - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - Libnotify - OpenSSL - QT Media Foundation - ruby Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	77748
published	2014-09-18
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77748
title	Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77748); script_version("1.9"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2013-7345", "CVE-2014-0076", "CVE-2014-0185", "CVE-2014-0195", "CVE-2014-0207", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-1391", "CVE-2014-1943", "CVE-2014-2270", "CVE-2014-2525", "CVE-2014-3470", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3981", "CVE-2014-4049", "CVE-2014-4350", "CVE-2014-4374", "CVE-2014-4376", "CVE-2014-4377", "CVE-2014-4378", "CVE-2014-4379", "CVE-2014-4381", "CVE-2014-4388", "CVE-2014-4389", "CVE-2014-4390", "CVE-2014-4393", "CVE-2014-4394", "CVE-2014-4395", "CVE-2014-4396", "CVE-2014-4397", "CVE-2014-4398", "CVE-2014-4399", "CVE-2014-4400", "CVE-2014-4401", "CVE-2014-4402", "CVE-2014-4403", "CVE-2014-4416", "CVE-2014-4979" ); script_bugtraq_id( 65596, 66002, 66363, 66406, 66478, 67118, 67759, 67765, 67837, 67898, 67899, 67900, 67901, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68852, 69888, 69891, 69892, 69893, 69894, 69895, 69896, 69897, 69898, 69901, 69903, 69905, 69906, 69907, 69908, 69910, 69915, 69916, 69921, 69925, 69931, 69948, 69950 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-09-17-3"); script_name(english:"Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Mac OS X."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.5. This update contains several security-related fixes for the following components : - apache_mod_php - Bluetooth - CoreGraphics - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - Libnotify - OpenSSL - QT Media Foundation - ruby Note that successful exploitation of the most serious issues can result in arbitrary code execution."); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/533483/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6443"); script_set_attribute(attribute:"see_also", value:"http://osdir.com/ml/general/2014-09/msg34124.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.9.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/18"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); match = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9])+)", string:os); if (isnull(match)) exit(1, "Failed to parse the Mac OS X version ('" + os + "')."); version = match[1]; if (!ereg(pattern:"^10\.9([^0-9]\|$)", string:version)) audit(AUDIT_OS_NOT, "Mac OS X 10.9", "Mac OS X "+version); fixed_version = "10.9.5"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); exit(0); } else exit(0, "The host is not affected as it is running Mac OS X "+version+".");

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2014-372.NASL
description	acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes
last seen	2020-06-01
modified	2020-06-02
plugin id	78315
published	2014-10-12
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78315
title	Amazon Linux AMI : php55 (ALAS-2014-372)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-372. # include("compat.inc"); if (description) { script_id(78315); script_version("1.3"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3981", "CVE-2014-4049"); script_xref(name:"ALAS", value:"2014-372"); script_name(english:"Amazon Linux AMI : php55 (ALAS-2014-372)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-372.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php55' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php55-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-bcmath-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-cli-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-common-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-dba-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-debuginfo-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-devel-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-embedded-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-enchant-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-fpm-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-gd-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-gmp-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-imap-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-intl-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-ldap-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mbstring-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mcrypt-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mssql-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-mysqlnd-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-odbc-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-opcache-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-pdo-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-pgsql-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-process-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-pspell-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-recode-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-snmp-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-soap-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-tidy-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-xml-5.5.14-1.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php55-xmlrpc-5.5.14-1.75.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2015-080.NASL
description	Multiple vulnerabilities has been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file
last seen	2020-06-01
modified	2020-06-02
plugin id	82333
published	2015-03-30
reporter	This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82333
title	Mandriva Linux Security Advisory : php (MDVSA-2015:080)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2278-1.NASL
description	Mike Frysinger discovered that the file awk script detector used multiple wildcard with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2013-7345) Francisco Alonso discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Jan Kaluza discovered that file did not properly restrict the amount of data read during regex searches. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2014-3538). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	76525
published	2014-07-16
reporter	Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76525
title	Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : file vulnerabilities (USN-2278-1)

NASL family	CGI abuses
NASL id	PHP_5_6_0.NASL
description	According to its banner, the version of PHP installed on the remote host is a development version of 5.6.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not attempted to exploit this issue but has instead relied only on application
last seen	2020-06-01
modified	2020-06-02
plugin id	78556
published	2014-10-17
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78556
title	PHP 5.6.0 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-1638-1.NASL
description	This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
last seen	2020-06-01
modified	2020-06-02
plugin id	93161
published	2016-08-29
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93161
title	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20151119_FILE_ON_SL7_X.NASL
description	Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures.
last seen	2020-03-18
modified	2015-12-22
plugin id	87555
published	2015-12-22
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87555
title	Scientific Linux Security Update : file on SL7.x x86_64 (20151119)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2014-192-01.NASL
description	New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	76476
published	2014-07-14
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76476
title	Slackware 14.0 / 14.1 / current : php (SSA:2014-192-01)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-27.NASL
description	Fix various denial of service attacks : CVE-2014-3487 The cdf_read_property_info function does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. CVE-2014-3480 The cdf_count_chain function in cdf.c in does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. CVE-2014-3479 The cdf_check_stream_offset function in cdf.c relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. CVE-2014-3478 Buffer overflow in the mconvert function in softmagic.c allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. CVE-2014-0238 The cdf_read_property_info function in cdf.c allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0207 The cdf_read_short_sector function in cdf.c allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2015-03-26
plugin id	82175
published	2015-03-26
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82175
title	Debian DLA-27-1 : file security update

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2015-004.NASL
description	The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	82700
published	2015-04-10
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82700
title	Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3021.NASL
description	Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
last seen	2020-03-17
modified	2014-09-10
plugin id	77585
published	2014-09-10
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77585
title	Debian DSA-3021-1 : file - security update

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2014-130.NASL
description	Updated php packages fix security vulnerabilities : The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515). It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049). A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). PHP contains a bundled copy of the file utility
last seen	2020-06-01
modified	2020-06-02
plugin id	76438
published	2014-07-10
reporter	This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76438
title	Mandriva Linux Security Advisory : php (MDVSA-2014:130)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-7782.NASL
description	26 Jun 2014, PHP 5.5.14 Core : - Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) - Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) - Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi) - Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) - Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser) CLI server : - Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) Date : - Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam) - Fixed regression in fix for bug #67118 (constructor can
last seen	2020-03-17
modified	2014-07-08
plugin id	76392
published	2014-07-08
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76392
title	Fedora 19 : php-5.5.14-1.fc19 (2014-7782)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-2155.NASL
description	Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87137
published	2015-12-02
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87137
title	CentOS 7 : file (CESA-2015:2155)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-7765.NASL
description	26 Jun 2014, PHP 5.5.14 Core : - Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) - Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) - Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi) - Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) - Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser) CLI server : - Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) Date : - Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam) - Fixed regression in fix for bug #67118 (constructor can
last seen	2020-03-17
modified	2014-07-01
plugin id	76327
published	2014-07-01
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76327
title	Fedora 20 : php-5.5.14-1.fc20 (2014-7765)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2014-1327.NASL
description	Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	78009
published	2014-10-01
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78009
title	RHEL 7 : php (RHSA-2014:1327)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-7992.NASL
description	Security update to new File version 5.19 fixing 8 CVEs found in previous two months. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-07-06
plugin id	76377
published	2014-07-06
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76377
title	Fedora 20 : file-5.19-1.fc20 (2014-7992)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2974.NASL
description	Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_sector() function. - CVE-2014-3478 Francisco Alonso of the Red Hat Security Response Team discovered a flaw in the way the truncated pascal string size in the mconvert() function is computed. - CVE-2014-3479 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_check_stream_offset() function. - CVE-2014-3480 Francisco Alonso of the Red Hat Security Response Team reported an insufficient boundary check in the cdf_count_chain() function. - CVE-2014-3487 Francisco Alonso of the Red Hat Security Response Team discovered an incorrect boundary check in the cdf_read_property_info() funtion. - CVE-2014-3515 Stefan Esser discovered that the ArrayObject and the SPLObjectStorage unserialize() handler do not verify the type of unserialized data before using it. A remote attacker could use this flaw to execute arbitrary code. - CVE-2014-4721 Stefan Esser discovered a type confusion issue affecting phpinfo(), which might allow an attacker to obtain sensitive information from process memory.
last seen	2020-03-17
modified	2014-07-09
plugin id	76418
published	2014-07-09
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76418
title	Debian DSA-2974-1 : php5 - security update

NASL family	CGI abuses
NASL id	PHP_5_3_29.NASL
description	According to its banner, the version of PHP installed on the remote host is 5.3.x prior to 5.3.29. It is, therefore, affected by the following vulnerabilities : - A heap-based buffer overflow error exists in the file
last seen	2020-06-01
modified	2020-06-02
plugin id	77285
published	2014-08-20
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77285
title	PHP 5.3.x < 5.3.29 Multiple Vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2014-1327.NASL
description	Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	77996
published	2014-10-01
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77996
title	CentOS 7 : php (CESA-2014:1327)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2014-1327.NASL
description	From Red Hat Security Advisory 2014:1327 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	78005
published	2014-10-01
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78005
title	Oracle Linux 7 : php (ELSA-2014-1327)

NASL family	CGI abuses
NASL id	PHP_5_5_14.NASL
description	According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions
last seen	2020-06-01
modified	2020-06-02
plugin id	76282
published	2014-06-27
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76282
title	PHP 5.5.x < 5.5.14 Multiple Vulnerabilities

NASL family	CGI abuses
NASL id	PHP_5_4_30.NASL
description	According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.30. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions
last seen	2020-06-01
modified	2020-06-02
plugin id	76281
published	2014-06-27
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76281
title	PHP 5.4.x < 5.4.30 Multiple Vulnerabilities

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-2155.NASL
description	From Red Hat Security Advisory 2015:2155 : Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87027
published	2015-11-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87027
title	Oracle Linux 7 : file (ELSA-2015-2155)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-464.NASL
description	This update fixes the following security issues with php, php5 and php53 : - bnc#884986, CVE-2014-0207: file: php5: cdf_read_short_sector insufficient boundary check - bnc#884987, CVE-2014-3478: file: mconvert incorrect handling of truncated pascal string size - bnc#884989, CVE-2014-3479: php53: file: cdf_check_stream_offset insufficient boundary check - bnc#884990, CVE-2014-3480: php53: file: cdf_count_chain insufficient boundary check - bnc#884991, CVE-2014-3487: php53: file: cdf_read_property_info insufficient boundary check - bnc#884992, CVE-2014-3515: php5: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
last seen	2020-06-05
modified	2014-07-24
plugin id	76722
published	2014-07-24
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76722
title	openSUSE Security Update : php / php5 / php53 (openSUSE-SU-2014:0925-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1424.NASL
description	According to the versions of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2013-7345) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3479) - An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.(CVE-2014-9652) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0207) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3480) - It was found that the fix for CVE-2012-1571 was incomplete the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3587) - A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.(CVE-2014-3478) - Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2014-3538) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3487) - A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.(CVE-2014-2270) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of system resources.(CVE-2014-8117) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0237) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory.(CVE-2014-9653) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0238) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124927
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124927
title	EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_10_3.NASL
description	The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	82699
published	2015-04-10
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82699
title	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2276-1.NASL
description	Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Stefan Esser discovered that PHP incorrectly handled unserializing SPL extension objects. An attacker could use this issue to execute arbitrary code. (CVE-2014-3515) It was discovered that PHP incorrectly handled certain SPL Iterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4670) It was discovered that PHP incorrectly handled certain ArrayIterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4698) Stefan Esser discovered that PHP incorrectly handled variable types when calling phpinfo(). An attacker could use this issue to possibly gain access to arbitrary memory, possibly containing sensitive information. (CVE-2014-4721). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	76451
published	2014-07-10
reporter	Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76451
title	Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2276-1)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2014-382.NASL
description	A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345 .
last seen	2020-06-01
modified	2020-06-02
plugin id	78325
published	2014-10-12
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78325
title	Amazon Linux AMI : file (ALAS-2014-382)

Redhat

advisories

rhsa
id RHSA-2014:1327
rhsa
id RHSA-2014:1765
rhsa
id RHSA-2014:1766

rpms

php-0:5.4.16-23.el7_0.1
php-bcmath-0:5.4.16-23.el7_0.1
php-cli-0:5.4.16-23.el7_0.1
php-common-0:5.4.16-23.el7_0.1
php-dba-0:5.4.16-23.el7_0.1
php-debuginfo-0:5.4.16-23.el7_0.1
php-devel-0:5.4.16-23.el7_0.1
php-embedded-0:5.4.16-23.el7_0.1
php-enchant-0:5.4.16-23.el7_0.1
php-fpm-0:5.4.16-23.el7_0.1
php-gd-0:5.4.16-23.el7_0.1
php-intl-0:5.4.16-23.el7_0.1
php-ldap-0:5.4.16-23.el7_0.1
php-mbstring-0:5.4.16-23.el7_0.1
php-mysql-0:5.4.16-23.el7_0.1
php-mysqlnd-0:5.4.16-23.el7_0.1
php-odbc-0:5.4.16-23.el7_0.1
php-pdo-0:5.4.16-23.el7_0.1
php-pgsql-0:5.4.16-23.el7_0.1
php-process-0:5.4.16-23.el7_0.1
php-pspell-0:5.4.16-23.el7_0.1
php-recode-0:5.4.16-23.el7_0.1
php-snmp-0:5.4.16-23.el7_0.1
php-soap-0:5.4.16-23.el7_0.1
php-xml-0:5.4.16-23.el7_0.1
php-xmlrpc-0:5.4.16-23.el7_0.1
php54-php-0:5.4.16-22.el6
php54-php-0:5.4.16-22.el7
php54-php-bcmath-0:5.4.16-22.el6
php54-php-bcmath-0:5.4.16-22.el7
php54-php-cli-0:5.4.16-22.el6
php54-php-cli-0:5.4.16-22.el7
php54-php-common-0:5.4.16-22.el6
php54-php-common-0:5.4.16-22.el7
php54-php-dba-0:5.4.16-22.el6
php54-php-dba-0:5.4.16-22.el7
php54-php-debuginfo-0:5.4.16-22.el6
php54-php-debuginfo-0:5.4.16-22.el7
php54-php-devel-0:5.4.16-22.el6
php54-php-devel-0:5.4.16-22.el7
php54-php-enchant-0:5.4.16-22.el6
php54-php-enchant-0:5.4.16-22.el7
php54-php-fpm-0:5.4.16-22.el6
php54-php-fpm-0:5.4.16-22.el7
php54-php-gd-0:5.4.16-22.el6
php54-php-gd-0:5.4.16-22.el7
php54-php-imap-0:5.4.16-22.el6
php54-php-intl-0:5.4.16-22.el6
php54-php-intl-0:5.4.16-22.el7
php54-php-ldap-0:5.4.16-22.el6
php54-php-ldap-0:5.4.16-22.el7
php54-php-mbstring-0:5.4.16-22.el6
php54-php-mbstring-0:5.4.16-22.el7
php54-php-mysqlnd-0:5.4.16-22.el6
php54-php-mysqlnd-0:5.4.16-22.el7
php54-php-odbc-0:5.4.16-22.el6
php54-php-odbc-0:5.4.16-22.el7
php54-php-pdo-0:5.4.16-22.el6
php54-php-pdo-0:5.4.16-22.el7
php54-php-pgsql-0:5.4.16-22.el6
php54-php-pgsql-0:5.4.16-22.el7
php54-php-process-0:5.4.16-22.el6
php54-php-process-0:5.4.16-22.el7
php54-php-pspell-0:5.4.16-22.el6
php54-php-pspell-0:5.4.16-22.el7
php54-php-recode-0:5.4.16-22.el6
php54-php-recode-0:5.4.16-22.el7
php54-php-snmp-0:5.4.16-22.el6
php54-php-snmp-0:5.4.16-22.el7
php54-php-soap-0:5.4.16-22.el6
php54-php-soap-0:5.4.16-22.el7
php54-php-tidy-0:5.4.16-22.el6
php54-php-xml-0:5.4.16-22.el6
php54-php-xml-0:5.4.16-22.el7
php54-php-xmlrpc-0:5.4.16-22.el6
php54-php-xmlrpc-0:5.4.16-22.el7
php55-php-0:5.5.6-13.el6
php55-php-0:5.5.6-13.el7
php55-php-bcmath-0:5.5.6-13.el6
php55-php-bcmath-0:5.5.6-13.el7
php55-php-cli-0:5.5.6-13.el6
php55-php-cli-0:5.5.6-13.el7
php55-php-common-0:5.5.6-13.el6
php55-php-common-0:5.5.6-13.el7
php55-php-dba-0:5.5.6-13.el6
php55-php-dba-0:5.5.6-13.el7
php55-php-debuginfo-0:5.5.6-13.el6
php55-php-debuginfo-0:5.5.6-13.el7
php55-php-devel-0:5.5.6-13.el6
php55-php-devel-0:5.5.6-13.el7
php55-php-enchant-0:5.5.6-13.el6
php55-php-enchant-0:5.5.6-13.el7
php55-php-fpm-0:5.5.6-13.el6
php55-php-fpm-0:5.5.6-13.el7
php55-php-gd-0:5.5.6-13.el6
php55-php-gd-0:5.5.6-13.el7
php55-php-gmp-0:5.5.6-13.el6
php55-php-gmp-0:5.5.6-13.el7
php55-php-imap-0:5.5.6-13.el6
php55-php-intl-0:5.5.6-13.el6
php55-php-intl-0:5.5.6-13.el7
php55-php-ldap-0:5.5.6-13.el6
php55-php-ldap-0:5.5.6-13.el7
php55-php-mbstring-0:5.5.6-13.el6
php55-php-mbstring-0:5.5.6-13.el7
php55-php-mysqlnd-0:5.5.6-13.el6
php55-php-mysqlnd-0:5.5.6-13.el7
php55-php-odbc-0:5.5.6-13.el6
php55-php-odbc-0:5.5.6-13.el7
php55-php-opcache-0:5.5.6-13.el6
php55-php-opcache-0:5.5.6-13.el7
php55-php-pdo-0:5.5.6-13.el6
php55-php-pdo-0:5.5.6-13.el7
php55-php-pgsql-0:5.5.6-13.el6
php55-php-pgsql-0:5.5.6-13.el7
php55-php-process-0:5.5.6-13.el6
php55-php-process-0:5.5.6-13.el7
php55-php-pspell-0:5.5.6-13.el6
php55-php-pspell-0:5.5.6-13.el7
php55-php-recode-0:5.5.6-13.el6
php55-php-recode-0:5.5.6-13.el7
php55-php-snmp-0:5.5.6-13.el6
php55-php-snmp-0:5.5.6-13.el7
php55-php-soap-0:5.5.6-13.el6
php55-php-soap-0:5.5.6-13.el7
php55-php-tidy-0:5.5.6-13.el6
php55-php-xml-0:5.5.6-13.el6
php55-php-xml-0:5.5.6-13.el7
php55-php-xmlrpc-0:5.5.6-13.el6
php55-php-xmlrpc-0:5.5.6-13.el7
file-0:5.11-31.el7
file-debuginfo-0:5.11-31.el7
file-devel-0:5.11-31.el7
file-libs-0:5.11-31.el7
file-static-0:5.11-31.el7
python-magic-0:5.11-31.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References