CVE-2014-3669 - Numeric Errors vulnerability in PHP
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
Nessus
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-1767.NASL
description: From Red Hat Security Advisory 2014:1767 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78754
published: 2014-10-31
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78754
title: Oracle Linux 6 / 7 : php (ELSA-2014-1767)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1767 and
# Oracle Linux Security Advisory ELSA-2014-1767 respectively.
#

include("compat.inc");

if (description)
{
  script_id(78754);
  script_version("1.12");
  script_cvs_date("Date: 2019/09/30 10:58:19");

  script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3710");
  script_bugtraq_id(70611, 70665, 70666, 70807);
  script_xref(name:"RHSA", value:"2014:1767");

  script_name(english:"Oracle Linux 6 / 7 : php (ELSA-2014-1767)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2014:1767 :

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004597.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004598.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-zts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"php-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-bcmath-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-cli-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-common-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-dba-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-devel-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-embedded-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-enchant-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-fpm-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-gd-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-imap-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-intl-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-ldap-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-mbstring-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-mysql-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-odbc-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-pdo-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-pgsql-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-process-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-pspell-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-recode-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-snmp-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-soap-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-tidy-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-xml-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-xmlrpc-5.3.3-40.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"php-zts-5.3.3-40.el6_6")) flag++;

if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-bcmath-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-cli-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-common-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-dba-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-devel-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-embedded-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-enchant-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-fpm-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-gd-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-intl-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-ldap-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mbstring-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mysql-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mysqlnd-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-odbc-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pdo-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pgsql-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-process-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pspell-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-recode-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-snmp-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-soap-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-xml-5.4.16-23.el7_0.3")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-xmlrpc-5.4.16-23.el7_0.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc");
}

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_APACHE2-MOD_PHP53-141028.NASL
description: This update fixes the following vulnerabilities in php :
  - Heap corruption issue in exif_thumbnail(). (CVE-2014-3670)
  - Integer overflow in unserialize(). (CVE-2014-3669)
  - Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668)
last seen: 2020-06-05
modified: 2014-11-18
plugin id: 79307
published: 2014-11-18
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79307
title: SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(79307);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670");

  script_name(english:"SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes the following vulnerabilities in php :

  - Heap corruption issue in exif_thumbnail(). (CVE-2014-3670)

  - Integer overflow in unserialize(). (CVE-2014-3669)

  - Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=902357"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=902360"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=902368"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-3668.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-3669.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-3670.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9916.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");

flag = 0;
if (rpm_check(release:"SLES11", sp:3, reference:"apache2-mod_php53-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-bcmath-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-bz2-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-calendar-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-ctype-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-curl-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-dba-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-dom-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-exif-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-fastcgi-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-fileinfo-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-ftp-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-gd-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-gettext-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-gmp-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-iconv-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-intl-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-json-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-ldap-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-mbstring-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-mcrypt-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-mysql-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-odbc-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-openssl-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-pcntl-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-pdo-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-pear-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-pgsql-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-pspell-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-shmop-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-snmp-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-soap-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-suhosin-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvmsg-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvsem-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvshm-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-tokenizer-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-wddx-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlreader-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlrpc-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlwriter-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-xsl-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-zip-5.3.17-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"php53-zlib-5.3.17-0.31.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-0021.NASL
description: Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 80440
published: 2015-01-09
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/80440
title: RHEL 6 : php (RHSA-2015:0021)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:0021. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(80440);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/24 15:35:39");

  script_cve_id("CVE-2014-3669", "CVE-2014-3670");
  script_bugtraq_id(70611, 70665);
  script_xref(name:"RHSA", value:"2015:0021");

  script_name(english:"RHEL 6 : php (RHSA-2015:0021)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2015:0021"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-3669"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-3670"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-zts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6\.5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.5", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2015:0021";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-5.3.3-27.el6_5.3")) flag++;
  if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-5.3.3-27.el6_5.3")) flag++;
  if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-5.3.3-27.el6_5.3")) flag++;
  if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-bcmath-5.3.3-27.el6_5.3")) flag++;
  if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x",
reference:"php-bcmath-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-bcmath-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-cli-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-cli-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-cli-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-common-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-common-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-common-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-dba-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-dba-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-dba-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-debuginfo-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-debuginfo-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-debuginfo-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-devel-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-devel-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-devel-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-embedded-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-embedded-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-embedded-5.3.3-27.el6_5.3")) flag++; if 
(rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-enchant-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-enchant-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-enchant-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-fpm-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-fpm-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-fpm-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-gd-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-gd-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-gd-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-imap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-imap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-imap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-intl-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-intl-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-intl-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-ldap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-ldap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-ldap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-mbstring-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-mbstring-5.3.3-27.el6_5.3")) 
flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-mbstring-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-mysql-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-mysql-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-mysql-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-odbc-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-odbc-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-odbc-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-pdo-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-pdo-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-pdo-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-pgsql-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-pgsql-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-pgsql-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-process-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-process-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-process-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-pspell-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-pspell-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-pspell-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", 
reference:"php-recode-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-recode-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-recode-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-snmp-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-snmp-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-snmp-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-soap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-soap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-soap-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-tidy-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-tidy-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-tidy-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-xml-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-xml-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-xml-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-xmlrpc-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-xmlrpc-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-xmlrpc-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-zts-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-zts-5.3.3-27.el6_5.3")) flag++; if (rpm_check(release:"RHEL6", sp:"5", 
cpu:"x86_64", reference:"php-zts-5.3.3-27.el6_5.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc"); } }
NASL family Scientific Linux Local Security Checks
NASL id SL_20141030_PHP53_ON_SL5_X.NASL
description A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
last seen 2020-03-18
modified 2014-11-04
plugin id 78852
published 2014-11-04
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/78852
title Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
# include("compat.inc"); if (description) { script_id(78852); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3710"); script_name(english:"Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) After installing the updated packages, the httpd daemon must be restarted for the update to take effect." 
); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=336 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aed75678" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-process"); 
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! 
preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"php53-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-bcmath-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-cli-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-common-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-dba-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-debuginfo-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-devel-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-gd-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-imap-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-intl-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-ldap-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-mbstring-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-mysql-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-odbc-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-pdo-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-pgsql-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-process-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-pspell-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-snmp-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-soap-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", 
reference:"php53-xml-5.3.3-26.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"php53-xmlrpc-5.3.3-26.el5_11")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc"); }
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2014-1824.NASL
description Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 78909
published 2014-11-07
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/78909
title RHEL 5 : php (RHSA-2014:1824)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1824. The text
# itself is copyright (C) Red Hat, Inc.
# include("compat.inc"); if (description) { script_id(78909); script_version("1.17"); script_cvs_date("Date: 2019/10/24 15:35:39"); script_cve_id("CVE-2014-3669", "CVE-2014-3670", "CVE-2014-8626"); script_bugtraq_id(70611, 70665, 70928); script_xref(name:"RHSA", value:"2014:1824"); script_name(english:"RHEL 5 : php (RHSA-2014:1824)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect." 
); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3669" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3670" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8626" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:1824" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql"); script_set_attribute(attribute:"cpe", 
value:"p-cpe:/a:redhat:enterprise_linux:php-ncurses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! 
ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2014:1824";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-cli-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-cli-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-cli-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-common-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-common-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-common-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-dba-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-dba-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-dba-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-debuginfo-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-debuginfo-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-debuginfo-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-devel-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-devel-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-devel-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-gd-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-gd-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-gd-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-imap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-imap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-imap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-soap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-soap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-soap-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-xml-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-xml-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-xml-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc");
  }
}
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1824.NASL description Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78895 published 2014-11-07 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78895 title CentOS 5 : php (CESA-2014:1824) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1824 and
# CentOS Errata and Security Advisory 2014:1824 respectively.
#

include("compat.inc");

if (description)
{
  script_id(78895);
  script_version("1.13");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2014-3669", "CVE-2014-3670", "CVE-2014-8626");
  script_bugtraq_id(70611, 70665, 70928);
  script_xref(name:"RHSA", value:"2014:1824");

  script_name(english:"CentOS 5 : php (CESA-2014:1824)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2014-November/020743.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?78f3ff81"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3669");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-5", reference:"php-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-cli-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-common-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-dba-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-devel-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-gd-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-imap-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-soap-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-xml-5.1.6-45.el5_11")) flag++;
if (rpm_check(release:"CentOS-5", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc");
}
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201411-04.NASL description The remote host is affected by the vulnerability described in GLSA-201411-04 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79080 published 2014-11-10 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79080 title GLSA-201411-04 : PHP: Multiple vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201411-04.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(79080);
  script_version("$Revision: 1.8 $");
  script_cvs_date("$Date: 2015/08/24 13:49:14 $");

  script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670");
  script_bugtraq_id(70611, 70665, 70666);
  script_xref(name:"GLSA", value:"201411-04");

  script_name(english:"GLSA-201411-04 : PHP: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201411-04 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201411-04"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.5.18' All PHP 5.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.4.34' All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively. # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.29'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.5.18", "rge 5.4.34", "rge 5.3.29", "rge 5.4.36", "rge 5.4.37", "rge 5.4.38", "rge 5.4.39", "rge 5.4.35", "rge 5.4.40", "rge 5.4.41", "rge 5.4.42", "rge 5.4.43", "rge 5.4.44", "rge 5.4.45", "rge 5.4.46"), vulnerable:make_list("lt 5.5.18"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
}
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-307-03.NASL description New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78831 published 2014-11-04 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78831 title Slackware 14.0 / 14.1 / current : php (SSA:2014-307-03)
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-080.NASL description Multiple vulnerabilities have been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file last seen 2020-06-01 modified 2020-06-02 plugin id 82333 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/82333 title Mandriva Linux Security Advisory : php (MDVSA-2015:080)
NASL family Fedora Local Security Checks NASL id FEDORA_2014-12983.NASL description 16 Oct 2014, PHP 5.6.2 Core : - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-11-03 plugin id 78803 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78803 title Fedora 21 : php-5.6.2-1.fc21 (2014-12983)
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-636.NASL description - security update : - CVE-2014-3670 [bnc#902357] - CVE-2014-3669 [bnc#902360] - CVE-2014-3668 [bnc#902368] - added patches : - php-CVE-2014-3670.patch - php-CVE-2014-3669.patch - php-CVE-2014-3668.patch last seen 2020-06-05 modified 2014-11-11 plugin id 79102 published 2014-11-11 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79102 title openSUSE Security Update : php5 (openSUSE-SU-2014:1377-1)
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1638-1.NASL description This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).
- CVE-2016-5094: Don last seen 2020-06-01 modified 2020-06-02 plugin id 93161 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93161 title SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
NASL family Fedora Local Security Checks NASL id FEDORA_2014-13031.NASL description 16 Oct 2014, PHP 5.5.18 Core : - Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz) - Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita) - Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol) - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) FPM : - Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi) OpenSSL : - Revert regression introduced by fix of bug #41631 Reflection : - Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) Session : - Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-29 plugin id 78708 published 2014-10-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/78708 title Fedora 19 : php-5.5.18-1.fc19 (2014-13031)
NASL family Scientific Linux Local Security Checks NASL id SL_20141030_PHP_ON_SL6_X.NASL description A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-11-04 plugin id 78853 published 2014-11-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78853 title Scientific Linux Security Update : php on SL6.x, SL7.x i386/x86_64 (20141030)
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-004.NASL description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004.
It is, therefore, affected by multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code Signing - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82700 published 2015-04-10 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82700 title Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1824.NASL description From Red Hat Security Advisory 2014:1824 : Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized.
Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78908 published 2014-11-07 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78908 title Oracle Linux 5 : php (ELSA-2014-1824)
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-435.NASL description An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) last seen 2020-06-01 modified 2020-06-02 plugin id 78778 published 2014-11-03 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78778 title Amazon Linux AMI : php55 (ALAS-2014-435)
NASL family Fedora Local Security Checks NASL id FEDORA_2014-13013.NASL description 16 Oct 2014, PHP 5.5.18 Core : - Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
(Christian Wenz) - Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita) - Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol) - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) FPM : - Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi) OpenSSL : - Revert regression introduced by fix of bug #41631 Reflection : - Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) Session : - Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-24 plugin id 78661 published 2014-10-24 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78661 title Fedora 20 : php-5.5.18-1.fc20 (2014-13013)
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1767.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78759 published 2014-10-31 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78759 title RHEL 6 / 7 : php (RHSA-2014:1767)
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1768.NASL description Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78760 published 2014-10-31 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78760 title RHEL 5 : php53 (RHSA-2014:1768) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2391-1.NASL description Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. 
A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3669) Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3670) Francisco Alonso discovered that PHP incorrectly handled ELF files in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3710) It was discovered that PHP incorrectly handled NULL bytes when processing certain URLs with the curl functions. A remote attacker could possibly use this issue to bypass filename restrictions and obtain access to sensitive files. (No CVE number). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78761 published 2014-10-31 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78761 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2391-1) NASL family CGI abuses NASL id PHP_5_4_34.NASL description According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.34. 
It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 78545 published 2014-10-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78545 title PHP 5.4.x < 5.4.34 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3064.NASL description Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information : http://php.net/ChangeLog-5.php#5.4.34 last seen 2020-03-17 modified 2014-11-05 plugin id 78861 published 2014-11-05 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78861 title Debian DSA-3064-1 : php5 - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-94.NASL description CVE-2014-3668 Fix bug #68027 - fix date parsing in XMLRPC lib CVE-2014-3669 Fix bug #68044: Integer overflow in unserialize() (32-bits only) CVE-2014-3670 Fix bug #68113 (Heap corruption in exif_thumbnail()) CVE-2014-3710 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers Additional bugfix Fix null byte handling in LDAP bindings in ldap-fix.patch NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-03-17 modified 2015-03-26 plugin id 82239 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82239 title Debian DLA-94-1 : php5 security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1497-1.NASL description php5 was updated to fix three security issues. The following security issues were fixed : - xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() (CVE-2014-3668). - integer overflow in unserialize() (CVE-2014-3669). - heap corruption issue in exif_thumbnail() (CVE-2014-3670). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-02 plugin id 119958 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119958 title SUSE SLES12 Security Update : php5 (SUSE-SU-2014:1497-1) NASL family CGI abuses NASL id PHP_5_5_18.NASL description According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.18. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 78546 published 2014-10-17 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78546 title PHP 5.5.x < 5.5.18 Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1768.NASL description Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78783 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/78783 title CentOS 5 : php53 (CESA-2014:1768) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1767.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 
last seen 2020-06-01 modified 2020-06-02 plugin id 78782 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78782 title CentOS 6 / 7 : php (CESA-2014:1767) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-645.NASL description - security update : - CVE-2014-3670 [bnc#902357] - CVE-2014-3669 [bnc#902360] - CVE-2014-3668 [bnc#902368] - added patches : - php-CVE-2014-3670.patch - php-CVE-2014-3669.patch - php-CVE-2014-3668.patch last seen 2020-06-05 modified 2014-11-12 plugin id 79198 published 2014-11-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79198 title openSUSE Security Update : php5 (openSUSE-SU-2014:1391-1) NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_3.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code Signing - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82699 published 2015-04-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/82699 title Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-434.NASL description An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) last seen 2020-06-01 modified 2020-06-02 plugin id 78777 published 2014-11-03 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78777 title Amazon Linux AMI : php54 (ALAS-2014-434) NASL family Scientific Linux Local Security Checks NASL id SL_20141106_PHP_ON_SL5_X.NASL description A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. 
(CVE-2014-3669) After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-11-10 plugin id 79082 published 2014-11-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79082 title Scientific Linux Security Update : php on SL5.x i386/x86_64 (20141106) NASL family CGI abuses NASL id PHP_5_6_2.NASL description According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.2. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 78547 published 2014-10-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78547 title PHP 5.6.x < 5.6.2 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1768.NASL description From Red Hat Security Advisory 2014:1768 : Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. 
Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78755 published 2014-10-31 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78755 title Oracle Linux 5 : php53 (ELSA-2014-1768) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1543.NASL description According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2014-8142) - It was found that certain PHP functions did not properly handle file names containing a NULL character. 
A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4026) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6834) - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4025) - An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.(CVE-2014-3669) - It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-2348) - An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP last seen 2020-06-01 modified 2020-06-02 plugin id 124996 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124996 title EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1543)
References
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159
- http://linux.oracle.com/errata/ELSA-2014-1767.html
- http://linux.oracle.com/errata/ELSA-2014-1768.html
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://rhn.redhat.com/errata/RHSA-2014-1767.html
- http://rhn.redhat.com/errata/RHSA-2014-1768.html
- http://rhn.redhat.com/errata/RHSA-2014-1824.html
- http://secunia.com/advisories/59967
- http://secunia.com/advisories/60630
- http://secunia.com/advisories/60699
- http://secunia.com/advisories/61763
- http://secunia.com/advisories/61970
- http://secunia.com/advisories/61982
- http://www.debian.org/security/2014/dsa-3064
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.securityfocus.com/bid/70611
- http://www.ubuntu.com/usn/USN-2391-1
- https://bugs.php.net/bug.php?id=68044
- https://bugzilla.redhat.com/show_bug.cgi?id=1154500
- https://support.apple.com/HT204659