CVE-2014-3668 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-1767.NASL
description:

From Red Hat Security Advisory 2014:1767 :

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78754
published: 2014-10-31
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78754
title: Oracle Linux 6 / 7 : php (ELSA-2014-1767)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1767 and
    # Oracle Linux Security Advisory ELSA-2014-1767 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(78754);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/30 10:58:19");

      script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3710");
      script_bugtraq_id(70611, 70665, 70666, 70807);
      script_xref(name:"RHSA", value:"2014:1767");

      script_name(english:"Oracle Linux 6 / 7 : php (ELSA-2014-1767)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2014:1767 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004597.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004598.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-zts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

    flag = 0;
    if (rpm_check(release:"EL6", reference:"php-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-bcmath-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-cli-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-common-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-dba-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-devel-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-embedded-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-enchant-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-fpm-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-gd-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-imap-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-intl-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-ldap-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-mbstring-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-mysql-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-odbc-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-pdo-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-pgsql-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-process-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-pspell-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-recode-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-snmp-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-soap-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-tidy-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-xml-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-xmlrpc-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-zts-5.3.3-40.el6_6")) flag++;

    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-bcmath-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-cli-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-common-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-dba-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-devel-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-embedded-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-enchant-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-fpm-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-gd-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-intl-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-ldap-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mbstring-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mysql-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mysqlnd-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-odbc-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pdo-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pgsql-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-process-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pspell-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-recode-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-snmp-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-soap-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-xml-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-xmlrpc-5.4.16-23.el7_0.3")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_APACHE2-MOD_PHP53-141028.NASL
description:

This update fixes the following vulnerabilities in php :

- Heap corruption issue in exif_thumbnail(). (CVE-2014-3670)
- Integer overflow in unserialize(). (CVE-2014-3669)
- Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668)

last seen: 2020-06-05
modified: 2014-11-18
plugin id: 79307
published: 2014-11-18
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79307
title: SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #

    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(79307);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670");

      script_name(english:"SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update fixes the following vulnerabilities in php : - Heap corruption issue in exif_thumbnail(). (CVE-2014-3670) - Integer overflow in unserialize(). (CVE-2014-3669) - Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3668.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3669.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3670.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9916.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/18");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");

    flag = 0;
    if (rpm_check(release:"SLES11", sp:3, reference:"apache2-mod_php53-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-bcmath-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-bz2-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-calendar-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-ctype-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-curl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-dba-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-dom-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-exif-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-fastcgi-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-fileinfo-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-ftp-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-gd-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-gettext-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-gmp-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-iconv-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-intl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-json-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-ldap-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-mbstring-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-mcrypt-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-mysql-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-odbc-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-openssl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pcntl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pdo-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pear-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pgsql-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pspell-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-shmop-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-snmp-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-soap-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-suhosin-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvmsg-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvsem-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvshm-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-tokenizer-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-wddx-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlreader-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlrpc-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlwriter-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xsl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-zip-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-zlib-5.3.17-0.31.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20141030_PHP53_ON_SL5_X.NASL
description:

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

last seen: 2020-03-18
modified: 2014-11-04
plugin id: 78852
published: 2014-11-04
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78852
title: Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #

    include("compat.inc");

    if (description)
    {
      script_id(78852);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3710");

      script_name(english:"Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Scientific Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) After installing the updated packages, the httpd daemon must be restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=336
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?aed75678"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! 
preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"php53-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-bcmath-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-cli-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-common-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-dba-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-debuginfo-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-devel-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-gd-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-imap-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-intl-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-ldap-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-mbstring-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-mysql-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-odbc-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-pdo-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-pgsql-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-process-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-pspell-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-snmp-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-soap-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", 
reference:"php53-xml-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-xmlrpc-5.3.3-26.el5_11")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc"); }

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1544.NASL
description According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
last seen 2020-06-01
modified 2020-06-02
plugin id 124997
published 2019-05-14
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/124997
title EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)
code
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(124997);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/17");

  script_cve_id(
    "CVE-2013-4248",
    "CVE-2014-2497",
    "CVE-2014-3515",
    "CVE-2014-3668",
    "CVE-2014-3670",
    "CVE-2014-9427",
    "CVE-2014-9705",
    "CVE-2015-0231",
    "CVE-2015-3412",
    "CVE-2015-4021",
    "CVE-2015-4024",
    "CVE-2015-4148",
    "CVE-2015-4598",
    "CVE-2015-4599",
    "CVE-2015-4602",
    "CVE-2015-4603",
    "CVE-2015-4604",
    "CVE-2015-4605",
    "CVE-2018-10546",
    "CVE-2018-10548"
  );
  script_bugtraq_id(
    61776,
    66233,
    68237,
    70665,
    70666,
    71833,
    72539,
    73031,
    74700,
    74903,
    75103,
    75233,
    75241,
    75244,
    75249,
    75250,
    75251,
    75252
  );

  script_name(english:"EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
  - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-4021)
  - An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.(CVE-2014-3668)
  - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4598)
  - A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.(CVE-2014-9427)
  - An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.(CVE-2018-10548)
  - An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources.(CVE-2018-10546)
  - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4248)
  - A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code.(CVE-2015-0231)
  - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4602)
  - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-3412)
  - The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a 'Python script text executable' rule.(CVE-2015-4605)
  - A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash.(CVE-2014-9705)
  - A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.(CVE-2014-3670)
  - A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4148)
  - A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.(CVE-2014-3515)
  - The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a 'Python script text executable' rule.(CVE-2015-4604)
  - A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file.(CVE-2014-2497)
  - A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.(CVE-2015-4024)
  - Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.(CVE-2015-4599)
  - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4603)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1544
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb62c9b4");
  script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["php-5.4.16-45.h9",
        "php-cli-5.4.16-45.h9",
        "php-common-5.4.16-45.h9"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201411-04.NASL
description The remote host is affected by the vulnerability described in GLSA-201411-04 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.
Impact : A context-dependent attacker can possibly execute arbitrary code or create a Denial of Service condition.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 79080
published 2014-11-10
reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/79080
title GLSA-201411-04 : PHP: Multiple vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201411-04.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");

if (description)
{
  script_id(79080);
  script_version("$Revision: 1.8 $");
  script_cvs_date("$Date: 2015/08/24 13:49:14 $");

  script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670");
  script_bugtraq_id(70611, 70665, 70666);
  script_xref(name:"GLSA", value:"201411-04");

  script_name(english:"GLSA-201411-04 : PHP: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201411-04 (PHP: Multiple vulnerabilities)
    Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.
Impact :
    A context-dependent attacker can possibly execute arbitrary code or create a Denial of Service condition.
Workaround :
    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201411-04"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All PHP 5.5 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-lang/php-5.5.18'
    All PHP 5.4 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-lang/php-5.4.34'
    All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.29'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-lang/php",
               unaffected:make_list("ge 5.5.18", "rge 5.4.34", "rge 5.3.29", "rge 5.4.36", "rge 5.4.37", "rge 5.4.38", "rge 5.4.39", "rge 5.4.35", "rge 5.4.40", "rge 5.4.41", "rge 5.4.42", "rge 5.4.43", "rge 5.4.44", "rge 5.4.45", "rge 5.4.46"),
               vulnerable:make_list("lt 5.5.18"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
}
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-307-03.NASL description New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78831 published 2014-11-04 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78831 title Slackware 14.0 / 14.1 / current : php (SSA:2014-307-03) NASL family Fedora Local Security Checks NASL id FEDORA_2014-12983.NASL description 16 Oct 2014, PHP 5.6.2 Core : - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-11-03 plugin id 78803 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78803 title Fedora 21 : php-5.6.2-1.fc21 (2014-12983) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-636.NASL description - security update : - CVE-2014-3670 [bnc#902357] - CVE-2014-3669 [bnc#902360] - CVE-2014-3668 [bnc#902368] - added patches : - php-CVE-2014-3670.patch - php-CVE-2014-3669.patch - php-CVE-2014-3668.patch last seen 2020-06-05 modified 2014-11-11 plugin id 79102 published 2014-11-11 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/79102 title openSUSE Security Update : php5 (openSUSE-SU-2014:1377-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1638-1.NASL description This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don last seen 2020-06-01 modified 2020-06-02 plugin id 93161 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93161 title SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) NASL family Fedora Local Security Checks NASL id FEDORA_2014-13031.NASL description 16 Oct 2014, PHP 5.5.18 Core : - Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz) - Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita) - Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol) - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) FPM : - Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi) OpenSSL : - Revert regression introduced by fix of bug #41631 Reflection : - Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) Session : - Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). 
(CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-29 plugin id 78708 published 2014-10-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78708 title Fedora 19 : php-5.5.18-1.fc19 (2014-13031) NASL family Scientific Linux Local Security Checks NASL id SL_20141030_PHP_ON_SL6_X.NASL description A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-11-04 plugin id 78853 published 2014-11-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/78853 title Scientific Linux Security Update : php on SL6.x, SL7.x i386/x86_64 (20141030) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-004.NASL description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82700 published 2015-04-10 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82700 title Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-435.NASL description An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. 
(CVE-2014-3670) last seen 2020-06-01 modified 2020-06-02 plugin id 78778 published 2014-11-03 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78778 title Amazon Linux AMI : php55 (ALAS-2014-435) NASL family Fedora Local Security Checks NASL id FEDORA_2014-13013.NASL description 16 Oct 2014, PHP 5.5.18 Core : - Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz) - Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita) - Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol) - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) FPM : - Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi) OpenSSL : - Revert regression introduced by fix of bug #41631 Reflection : - Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) Session : - Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-24 plugin id 78661 published 2014-10-24 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/78661 title Fedora 20 : php-5.5.18-1.fc20 (2014-13013) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1767.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 
last seen 2020-06-01 modified 2020-06-02 plugin id 78759 published 2014-10-31 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78759 title RHEL 6 / 7 : php (RHSA-2014:1767) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1768.NASL description Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. 
All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78760 published 2014-10-31 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78760 title RHEL 5 : php53 (RHSA-2014:1768) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2391-1.NASL description Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3669) Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3670) Francisco Alonso discovered that PHP incorrectly handled ELF files in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3710) It was discovered that PHP incorrectly handled NULL bytes when processing certain URLs with the curl functions. A remote attacker could possibly use this issue to bypass filename restrictions and obtain access to sensitive files. (No CVE number). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-06-01 modified 2020-06-02 plugin id 78761 published 2014-10-31 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78761 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2391-1) NASL family CGI abuses NASL id PHP_5_4_34.NASL description According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.34. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 78545 published 2014-10-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78545 title PHP 5.4.x < 5.4.34 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3064.NASL description Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information : http://php.net/ChangeLog-5.php#5.4.34 last seen 2020-03-17 modified 2014-11-05 plugin id 78861 published 2014-11-05 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/78861 title Debian DSA-3064-1 : php5 - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-94.NASL description CVE-2014-3668 Fix bug #68027 - fix date parsing in XMLRPC lib CVE-2014-3669 Fix bug #68044: Integer overflow in unserialize() (32-bits only) CVE-2014-3670 Fix bug #68113 (Heap corruption in exif_thumbnail()) CVE-2014-3710 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers Additional bugfix Fix null byte handling in LDAP bindings in ldap-fix.patch NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82239 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82239 title Debian DLA-94-1 : php5 security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1497-1.NASL description php5 was updated to fix three security issues. The following security issues were fixed : - xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() (CVE-2014-3668). - integer overflow in unserialize() (CVE-2014-3669). - heap corruption issue in exif_thumbnail() (CVE-2014-3670). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-02 plugin id 119958 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/119958 title SUSE SLES12 Security Update : php5 (SUSE-SU-2014:1497-1) NASL family CGI abuses NASL id PHP_5_5_18.NASL description According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.18. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 78546 published 2014-10-17 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78546 title PHP 5.5.x < 5.5.18 Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1768.NASL description Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. 
(CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78783 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78783 title CentOS 5 : php53 (CESA-2014:1768) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1767.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. 
A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78782 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78782 title CentOS 6 / 7 : php (CESA-2014:1767) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-645.NASL description - security update : - CVE-2014-3670 [bnc#902357] - CVE-2014-3669 [bnc#902360] - CVE-2014-3668 [bnc#902368] - added patches : - php-CVE-2014-3670.patch - php-CVE-2014-3669.patch - php-CVE-2014-3668.patch last seen 2020-06-05 modified 2014-11-12 plugin id 79198 published 2014-11-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79198 title openSUSE Security Update : php5 (openSUSE-SU-2014:1391-1) NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_3.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. 
It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code Signing - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82699 published 2015-04-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82699 title Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-434.NASL description An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) last seen 2020-06-01 modified 2020-06-02 plugin id 78777 published 2014-11-03 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/78777 title Amazon Linux AMI : php54 (ALAS-2014-434) NASL family CGI abuses NASL id PHP_5_6_2.NASL description According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.2. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 78547 published 2014-10-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78547 title PHP 5.6.x < 5.6.2 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1768.NASL description From Red Hat Security Advisory 2014:1768 : Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. 
(CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78755 published 2014-10-31 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78755 title Oracle Linux 5 : php53 (ELSA-2014-1768)
References
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e
- http://linux.oracle.com/errata/ELSA-2014-1767.html
- http://linux.oracle.com/errata/ELSA-2014-1768.html
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://rhn.redhat.com/errata/RHSA-2014-1767.html
- http://rhn.redhat.com/errata/RHSA-2014-1768.html
- http://secunia.com/advisories/59967
- http://secunia.com/advisories/60630
- http://secunia.com/advisories/60699
- http://secunia.com/advisories/61763
- http://secunia.com/advisories/61970
- http://secunia.com/advisories/61982
- http://www.debian.org/security/2014/dsa-3064
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.securityfocus.com/bid/70666
- http://www.ubuntu.com/usn/USN-2391-1
- https://bugs.php.net/bug.php?id=68027
- https://bugzilla.redhat.com/show_bug.cgi?id=1154503
- https://support.apple.com/HT204659