CVE-2014-3670 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

CVSS 0.0 - NONE

  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

php
CWE-119
nessus

Summary

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.

Vulnerable Configurations

Part         Description  Count
Application  Php          632

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-1767.NASL
    description: From Red Hat Security Advisory 2014:1767 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78754
    published: 2014-10-31
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78754
    title: Oracle Linux 6 / 7 : php (ELSA-2014-1767)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1767 and 
    # Oracle Linux Security Advisory ELSA-2014-1767 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78754);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3710");
      script_bugtraq_id(70611, 70665, 70666, 70807);
      script_xref(name:"RHSA", value:"2014:1767");
    
      script_name(english:"Oracle Linux 6 / 7 : php (ELSA-2014-1767)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:1767 :
    
    Updated php packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 6 and 7.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP Server.
    
    A buffer overflow flaw was found in the Exif extension. A specially
    crafted JPEG or TIFF file could cause a PHP application using the
    exif_thumbnail() function to crash or, possibly, execute arbitrary
    code with the privileges of the user running that PHP application.
    (CVE-2014-3670)
    
    An integer overflow flaw was found in the way custom objects were
    unserialized. Specially crafted input processed by the unserialize()
    function could cause a PHP application to crash. (CVE-2014-3669)
    
    An out-of-bounds read flaw was found in the way the File Information
    (fileinfo) extension parsed Executable and Linkable Format (ELF)
    files. A remote attacker could use this flaw to crash a PHP
    application using fileinfo via a specially crafted ELF file.
    (CVE-2014-3710)
    
    An out of bounds read flaw was found in the way the xmlrpc extension
    parsed dates in the ISO 8601 format. A specially crafted XML-RPC
    request or response could possibly cause a PHP application to crash.
    (CVE-2014-3668)
    
    The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat
    Product Security.
    
    All php users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, the httpd daemon must be restarted for the
    update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004597.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004598.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-zts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"php-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-bcmath-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-cli-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-common-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-dba-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-devel-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-embedded-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-enchant-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-fpm-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-gd-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-imap-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-intl-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-ldap-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-mbstring-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-mysql-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-odbc-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-pdo-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-pgsql-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-process-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-pspell-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-recode-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-snmp-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-soap-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-tidy-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-xml-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-xmlrpc-5.3.3-40.el6_6")) flag++;
    if (rpm_check(release:"EL6", reference:"php-zts-5.3.3-40.el6_6")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-bcmath-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-cli-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-common-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-dba-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-devel-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-embedded-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-enchant-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-fpm-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-gd-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-intl-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-ldap-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mbstring-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mysql-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-mysqlnd-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-odbc-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pdo-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pgsql-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-process-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-pspell-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-recode-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-snmp-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-soap-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-xml-5.4.16-23.el7_0.3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"php-xmlrpc-5.4.16-23.el7_0.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP53-141028.NASL
    description: This update fixes the following vulnerabilities in php : - Heap corruption issue in exif_thumbnail(). (CVE-2014-3670) - Integer overflow in unserialize(). (CVE-2014-3669) - Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668)
    last seen: 2020-06-05
    modified: 2014-11-18
    plugin id: 79307
    published: 2014-11-18
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79307
    title: SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79307);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670");
    
      script_name(english:"SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following vulnerabilities in php :
    
      - Heap corruption issue in exif_thumbnail().
        (CVE-2014-3670)
    
      - Integer overflow in unserialize(). (CVE-2014-3669)
    
      - Xmlrpc ISO8601 date format parsing out-of-bounds read in
        mkgmtime(). (CVE-2014-3668)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3668.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3669.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3670.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9916.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:3, reference:"apache2-mod_php53-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-bcmath-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-bz2-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-calendar-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-ctype-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-curl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-dba-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-dom-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-exif-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-fastcgi-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-fileinfo-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-ftp-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-gd-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-gettext-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-gmp-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-iconv-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-intl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-json-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-ldap-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-mbstring-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-mcrypt-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-mysql-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-odbc-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-openssl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pcntl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pdo-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pear-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pgsql-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-pspell-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-shmop-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-snmp-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-soap-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-suhosin-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvmsg-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvsem-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvshm-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-tokenizer-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-wddx-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlreader-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlrpc-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlwriter-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-xsl-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-zip-5.3.17-0.31.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"php53-zlib-5.3.17-0.31.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0021.NASL
    description: Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80440
    published: 2015-01-09
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80440
    title: RHEL 6 : php (RHSA-2015:0021)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0021. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80440);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2014-3669", "CVE-2014-3670");
      script_bugtraq_id(70611, 70665);
      script_xref(name:"RHSA", value:"2015:0021");
    
      script_name(english:"RHEL 6 : php (RHSA-2015:0021)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated php packages that fix two security issues are now available
    for Red Hat Enterprise Linux 6.5 Extended Update Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP Server.
    
    A buffer overflow flaw was found in the Exif extension. A specially
    crafted JPEG or TIFF file could cause a PHP application using the
    exif_thumbnail() function to crash or, possibly, execute arbitrary
    code with the privileges of the user running that PHP application.
    (CVE-2014-3670)
    
    An integer overflow flaw was found in the way custom objects were
    unserialized. Specially crafted input processed by the unserialize()
    function could cause a PHP application to crash. (CVE-2014-3669)
    
    All php users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, the httpd daemon must be restarted for the
    update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3670"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-zts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.5", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0021";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-bcmath-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-bcmath-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-bcmath-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-cli-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-cli-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-cli-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-common-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-common-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-common-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-dba-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-dba-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-dba-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-debuginfo-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-debuginfo-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-debuginfo-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-devel-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-devel-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-devel-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-embedded-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-embedded-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-embedded-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-enchant-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-enchant-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-enchant-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-fpm-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-fpm-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-fpm-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-gd-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-gd-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-gd-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-imap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-imap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-imap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-intl-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-intl-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-intl-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-ldap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-ldap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-ldap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-mbstring-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-mbstring-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-mbstring-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-mysql-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-mysql-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-mysql-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-odbc-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-odbc-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-odbc-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-pdo-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-pdo-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-pdo-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-pgsql-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-pgsql-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-pgsql-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-process-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-process-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-process-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-pspell-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-pspell-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-pspell-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-recode-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-recode-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-recode-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-snmp-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-snmp-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-snmp-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-soap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-soap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-soap-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-tidy-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-tidy-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-tidy-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-xml-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-xml-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-xml-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-xmlrpc-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-xmlrpc-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-xmlrpc-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"php-zts-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"php-zts-5.3.3-27.el6_5.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"php-zts-5.3.3-27.el6_5.3")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc");
      }
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20141030_PHP53_ON_SL5_X.NASL
    description: A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-03-18
    modified: 2014-11-04
    plugin id: 78852
    published: 2014-11-04
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78852
    title: Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78852);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3710");
    
      script_name(english:"Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A buffer overflow flaw was found in the Exif extension. A specially
    crafted JPEG or TIFF file could cause a PHP application using the
    exif_thumbnail() function to crash or, possibly, execute arbitrary
    code with the privileges of the user running that PHP application.
    (CVE-2014-3670)
    
    An integer overflow flaw was found in the way custom objects were
    unserialized. Specially crafted input processed by the unserialize()
    function could cause a PHP application to crash. (CVE-2014-3669)
    
    An out-of-bounds read flaw was found in the way the File Information
    (fileinfo) extension parsed Executable and Linkable Format (ELF)
    files. A remote attacker could use this flaw to crash a PHP
    application using fileinfo via a specially crafted ELF file.
    (CVE-2014-3710)
    
    An out of bounds read flaw was found in the way the xmlrpc extension
    parsed dates in the ISO 8601 format. A specially crafted XML-RPC
    request or response could possibly cause a PHP application to crash.
    (CVE-2014-3668)
    
    After installing the updated packages, the httpd daemon must be
    restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=336
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?aed75678"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"php53-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-bcmath-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-cli-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-common-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-dba-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-debuginfo-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-devel-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-gd-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-imap-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-intl-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-ldap-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-mbstring-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-mysql-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-odbc-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-pdo-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-pgsql-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-process-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-pspell-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-snmp-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-soap-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-xml-5.3.3-26.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"php53-xmlrpc-5.3.3-26.el5_11")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-1824.NASL
    description: Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78909
    published: 2014-11-07
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78909
    title: RHEL 5 : php (RHSA-2014:1824)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1824. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78909);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2014-3669", "CVE-2014-3670", "CVE-2014-8626");
      script_bugtraq_id(70611, 70665, 70928);
      script_xref(name:"RHSA", value:"2014:1824");
    
      script_name(english:"RHEL 5 : php (RHSA-2014:1824)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated php packages that fix three security issues are now available
    for Red Hat Enterprise Linux 5.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP Server.
    
    A buffer overflow flaw was found in the Exif extension. A specially
    crafted JPEG or TIFF file could cause a PHP application using the
    exif_thumbnail() function to crash or, possibly, execute arbitrary
    code with the privileges of the user running that PHP application.
    (CVE-2014-3670)
    
    A stack-based buffer overflow flaw was found in the way the xmlrpc
    extension parsed dates in the ISO 8601 format. A specially crafted
    XML-RPC request or response could possibly cause a PHP application to
    crash. (CVE-2014-8626)
    
    An integer overflow flaw was found in the way custom objects were
    unserialized. Specially crafted input processed by the unserialize()
    function could cause a PHP application to crash. (CVE-2014-3669)
    
    All php users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, the httpd daemon must be restarted for the
    update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1824"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1824";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-cli-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-cli-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-cli-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-common-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-common-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-common-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-dba-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-dba-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-dba-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-debuginfo-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-debuginfo-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-debuginfo-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-devel-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-devel-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-devel-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-gd-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-gd-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-gd-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-imap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-imap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-imap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-soap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-soap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-soap-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-xml-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-xml-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-xml-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc");
      }
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-1824.NASL
    description: Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78895
    published: 2014-11-07
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78895
    title: CentOS 5 : php (CESA-2014:1824)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1824 and 
    # CentOS Errata and Security Advisory 2014:1824 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78895);
      script_version("1.13");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2014-3669", "CVE-2014-3670", "CVE-2014-8626");
      script_bugtraq_id(70611, 70665, 70928);
      script_xref(name:"RHSA", value:"2014:1824");
    
      script_name(english:"CentOS 5 : php (CESA-2014:1824)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated php packages that fix three security issues are now available
    for Red Hat Enterprise Linux 5.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP Server.
    
    A buffer overflow flaw was found in the Exif extension. A specially
    crafted JPEG or TIFF file could cause a PHP application using the
    exif_thumbnail() function to crash or, possibly, execute arbitrary
    code with the privileges of the user running that PHP application.
    (CVE-2014-3670)
    
    A stack-based buffer overflow flaw was found in the way the xmlrpc
    extension parsed dates in the ISO 8601 format. A specially crafted
    XML-RPC request or response could possibly cause a PHP application to
    crash. (CVE-2014-8626)
    
    An integer overflow flaw was found in the way custom objects were
    unserialized. Specially crafted input processed by the unserialize()
    function could cause a PHP application to crash. (CVE-2014-3669)
    
    All php users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, the httpd daemon must be restarted for the
    update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-November/020743.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?78f3ff81"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3669");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"php-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-bcmath-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-cli-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-common-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-dba-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-devel-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-gd-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-imap-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-ldap-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-mbstring-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-mysql-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-ncurses-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-odbc-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-pdo-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-pgsql-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-snmp-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-soap-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-xml-5.1.6-45.el5_11")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"php-xmlrpc-5.1.6-45.el5_11")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1544.NASL
    description: According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124997
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124997
    title: EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124997);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2013-4248",
        "CVE-2014-2497",
        "CVE-2014-3515",
        "CVE-2014-3668",
        "CVE-2014-3670",
        "CVE-2014-9427",
        "CVE-2014-9705",
        "CVE-2015-0231",
        "CVE-2015-3412",
        "CVE-2015-4021",
        "CVE-2015-4024",
        "CVE-2015-4148",
        "CVE-2015-4598",
        "CVE-2015-4599",
        "CVE-2015-4602",
        "CVE-2015-4603",
        "CVE-2015-4604",
        "CVE-2015-4605",
        "CVE-2018-10546",
        "CVE-2018-10548"
      );
      script_bugtraq_id(
        61776,
        66233,
        68237,
        70665,
        70666,
        71833,
        72539,
        73031,
        74700,
        74903,
        75103,
        75233,
        75241,
        75244,
        75249,
        75250,
        75251,
        75252
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerabilities :
    
      - An integer underflow flaw leading to out-of-bounds
        memory access was found in the way PHP's Phar extension
        parsed Phar archives. A specially crafted archive could
        cause PHP to crash or, possibly, execute arbitrary code
        when opened.(CVE-2015-4021)
    
      - An out of bounds read flaw was found in the way the
        xmlrpc extension parsed dates in the ISO 8601 format. A
        specially crafted XML-RPC request or response could
        possibly cause a PHP application to
        crash.(CVE-2014-3668)
    
      - It was found that certain PHP functions did not
        properly handle file names containing a NULL character.
        A remote attacker could possibly use this flaw to make
        a PHP script access unexpected files and bypass
        intended file system access
        restrictions.(CVE-2015-4598)
    
      - A flaw was found in the way PHP handled malformed
        source files when running in CGI mode. A specially
        crafted PHP file could cause PHP CGI to
        crash.(CVE-2014-9427)
    
      - An issue was discovered in PHP before 5.6.36, 7.0.x
        before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before
        7.2.5. ext/ldap/ldap.c allows remote LDAP servers to
        cause a denial of service (NULL pointer dereference and
        application crash) because of mishandling of the
        ldap_get_dn return value.(CVE-2018-10548)
    
      - An infinite loop vulnerability was found in
        ext/iconv/iconv.c in PHP due to the iconv stream not
        rejecting invalid multibyte sequences. A remote
        attacker could use this vulnerability to hang the php
        process and consume resources.(CVE-2018-10546)
    
      - The openssl_x509_parse function in openssl.c in the
        OpenSSL module in PHP before 5.4.18 and 5.5.x before
        5.5.2 does not properly handle a '\\0' character in a
        domain name in the Subject Alternative Name field of an
        X.509 certificate, which allows man-in-the-middle
        attackers to spoof arbitrary SSL servers via a crafted
        certificate issued by a legitimate Certification
        Authority, a related issue to
        CVE-2009-2408.(CVE-2013-4248)
    
      - A use-after-free flaw was found in the way PHP's
        unserialize() function processed data. If a remote
        attacker was able to pass crafted input to PHP's
        unserialize() function, they could cause the PHP
        interpreter to crash or, possibly, execute arbitrary
        code.(CVE-2015-0231)
    
      - A flaw was discovered in the way PHP performed object
        unserialization. Specially crafted input processed by
        the unserialize() function could cause a PHP
        application to crash or, possibly, execute arbitrary
        code.(CVE-2015-4602)
    
      - It was found that certain PHP functions did not
        properly handle file names containing a NULL character.
        A remote attacker could possibly use this flaw to make
        a PHP script access unexpected files and bypass
        intended file system access
        restrictions.(CVE-2015-3412)
    
      - The mcopy function in softmagic.c in file 5.x, as used
        in the Fileinfo component in PHP before 5.4.40, 5.5.x
        before 5.5.24, and 5.6.x before 5.6.8, does not
        properly restrict a certain offset value, which allows
        remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted string that is mishandled by a 'Python
        script text executable' rule.(CVE-2015-4605)
    
      - A heap buffer overflow flaw was found in the
        enchant_broker_request_dict() function of PHP's enchant
        extension. A specially crafted tag input could possibly
        cause a PHP application to crash.(CVE-2014-9705)
    
      - A buffer overflow flaw was found in the Exif extension.
        A specially crafted JPEG or TIFF file could cause a PHP
        application using the exif_thumbnail() function to
        crash or, possibly, execute arbitrary code with the
        privileges of the user running that PHP
        application.(CVE-2014-3670)
    
      - A flaws was discovered in the way PHP performed object
        unserialization. Specially crafted input processed by
        the unserialize() function could cause a PHP
        application to crash or, possibly, execute arbitrary
        code.(CVE-2015-4148)
    
      - A type confusion issue was found in the SPL ArrayObject
        and SPLObjectStorage classes' unserialize() method. A
        remote attacker able to submit specially crafted input
        to a PHP application, which would then unserialize this
        input using one of the aforementioned methods, could
        use this flaw to execute arbitrary code with the
        privileges of the user running that PHP
        application.(CVE-2014-3515)
    
      - The mget function in softmagic.c in file 5.x, as used
        in the Fileinfo component in PHP before 5.4.40, 5.5.x
        before 5.5.24, and 5.6.x before 5.6.8, does not
        properly maintain a certain pointer relationship, which
        allows remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted string that is mishandled by a 'Python
        script text executable' rule.(CVE-2015-4604)
    
      - A NULL pointer dereference flaw was found in the
        gdImageCreateFromXpm() function of PHP's gd extension.
        A remote attacker could use this flaw to crash a PHP
        application using gd via a specially crafted X PixMap
        (XPM) file.(CVE-2014-2497)
    
      - A flaw was found in the way PHP parsed multipart HTTP
        POST requests. A specially crafted request could cause
        PHP to use an excessive amount of CPU
        time.(CVE-2015-4024)
    
      - Multiple flaws were discovered in the way PHP's Soap
        extension performed object unserialization. Specially
        crafted input processed by the unserialize() function
        could cause a PHP application to disclose portion of
        its memory or crash.(CVE-2015-4599)
    
      - A flaw was discovered in the way PHP performed object
        unserialization. Specially crafted input processed by
        the unserialize() function could cause a PHP
        application to crash or, possibly, execute arbitrary
        code.(CVE-2015-4603)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1544
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb62c9b4");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["php-5.4.16-45.h9",
            "php-cli-5.4.16-45.h9",
            "php-common-5.4.16-45.h9"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201411-04.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201411-04 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79080
    published: 2014-11-10
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79080
    title: GLSA-201411-04 : PHP: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201411-04.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79080);
      script_version("$Revision: 1.8 $");
      script_cvs_date("$Date: 2015/08/24 13:49:14 $");
    
      script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670");
      script_bugtraq_id(70611, 70665, 70666);
      script_xref(name:"GLSA", value:"201411-04");
    
      script_name(english:"GLSA-201411-04 : PHP: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201411-04
    (PHP: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in PHP. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A context-dependent attacker can possibly execute arbitrary code or
          create a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201411-04"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All PHP 5.5 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/php-5.5.18'
        All PHP 5.4 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/php-5.4.34'
        All PHP 5.3 users should upgrade to the latest version. This release
          marks the end of life of the PHP 5.3 series. Future releases of this
          series are not planned. All PHP 5.3 users are encouraged to upgrade to
          the current stable version of PHP 5.5 or previous stable version of PHP
          5.4, which are supported till at least 2016 and 2015 respectively.
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.29'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.5.18", "rge 5.4.34", "rge 5.3.29", "rge 5.4.36", "rge 5.4.37", "rge 5.4.38", "rge 5.4.39", "rge 5.4.35", "rge 5.4.40", "rge 5.4.41", "rge 5.4.42", "rge 5.4.43", "rge 5.4.44", "rge 5.4.45", "rge 5.4.46"), vulnerable:make_list("lt 5.5.18"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
    }
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2014-307-03.NASL
    description: New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78831
    published: 2014-11-04
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78831
    title: Slackware 14.0 / 14.1 / current : php (SSA:2014-307-03)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-080.NASL
    description: Multiple vulnerabilities have been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82333
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82333
    title: Mandriva Linux Security Advisory : php (MDVSA-2015:080)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-12983.NASL
    description: 16 Oct 2014, PHP 5.6.2 Core : - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-11-03
    plugin id: 78803
    published: 2014-11-03
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78803
    title: Fedora 21 : php-5.6.2-1.fc21 (2014-12983)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-636.NASL
    description: - security update : - CVE-2014-3670 [bnc#902357] - CVE-2014-3669 [bnc#902360] - CVE-2014-3668 [bnc#902368] - added patches : - php-CVE-2014-3670.patch - php-CVE-2014-3669.patch - php-CVE-2014-3668.patch
    last seen: 2020-06-05
    modified: 2014-11-11
    plugin id: 79102
    published: 2014-11-11
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79102
    title: openSUSE Security Update : php5 (openSUSE-SU-2014:1377-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-1638-1.NASL
    description: This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93161
    published: 2016-08-29
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93161
    title: SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-13031.NASL
    description: 16 Oct 2014, PHP 5.5.18 Core : - Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz) - Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita) - Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol) - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) FPM : - Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi) OpenSSL : - Revert regression introduced by fix of bug #41631 Reflection : - Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) Session : - Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-10-29
    plugin id: 78708
    published: 2014-10-29
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78708
    title: Fedora 19 : php-5.5.18-1.fc19 (2014-13031)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20141030_PHP_ON_SL6_X.NASL
    description: A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-03-18
    modified: 2014-11-04
    plugin id: 78853
    published: 2014-11-04
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78853
    title: Scientific Linux Security Update : php on SL6.x, SL7.x i386/x86_64 (20141030)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2015-004.NASL
    description: The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code Signing - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82700
    published: 2015-04-10
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82700
    title: Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-202.NASL
    description: A vulnerability has been discovered and corrected in php : A heap corruption issue was reported in PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78664
    published: 2014-10-24
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78664
    title: Mandriva Linux Security Advisory : php (MDVSA-2014:202)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-1824.NASL
    description: From Red Hat Security Advisory 2014:1824 : Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78908
    published: 2014-11-07
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78908
    title: Oracle Linux 5 : php (ELSA-2014-1824)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2014-435.NASL
    description: An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78778
    published: 2014-11-03
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78778
    title: Amazon Linux AMI : php55 (ALAS-2014-435)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-13013.NASL
    description: 16 Oct 2014, PHP 5.5.18 Core : - Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz) - Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita) - Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol) - Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas) cURL : - Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) EXIF : - Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas) FPM : - Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi) OpenSSL : - Revert regression introduced by fix of bug #41631 Reflection : - Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi) Session : - Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) XMLRPC : - Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-10-24
    plugin id: 78661
    published: 2014-10-24
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78661
    title: Fedora 20 : php-5.5.18-1.fc20 (2014-13013)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-1767.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78759
    published: 2014-10-31
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78759
    title: RHEL 6 / 7 : php (RHSA-2014:1767)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-1768.NASL
    description: Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78760
    published: 2014-10-31
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78760
    title: RHEL 5 : php53 (RHSA-2014:1768)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2391-1.NASL
    description: Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3669) Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3670) Francisco Alonso discovered that PHP incorrectly handled ELF files in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3710) It was discovered that PHP incorrectly handled NULL bytes when processing certain URLs with the curl functions. A remote attacker could possibly use this issue to bypass filename restrictions and obtain access to sensitive files. (No CVE number). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78761
    published: 2014-10-31
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78761
    title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2391-1)
  • NASL family: CGI abuses
    NASL id: PHP_5_4_34.NASL
    description: According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.34. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78545
    published: 2014-10-17
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78545
    title: PHP 5.4.x < 5.4.34 Multiple Vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3064.NASL
    description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information : http://php.net/ChangeLog-5.php#5.4.34
    last seen: 2020-03-17
    modified: 2014-11-05
    plugin id: 78861
    published: 2014-11-05
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78861
    title: Debian DSA-3064-1 : php5 - security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-94.NASL
    description: CVE-2014-3668 Fix bug #68027 - fix date parsing in XMLRPC lib CVE-2014-3669 Fix bug #68044: Integer overflow in unserialize() (32-bits only) CVE-2014-3670 Fix bug #68113 (Heap corruption in exif_thumbnail()) CVE-2014-3710 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers Additional bugfix Fix null byte handling in LDAP bindings in ldap-fix.patch NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2015-03-26
    plugin id: 82239
    published: 2015-03-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82239
    title: Debian DLA-94-1 : php5 security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-1497-1.NASL
    description: php5 was updated to fix three security issues. The following security issues were fixed : - xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() (CVE-2014-3668). - integer overflow in unserialize() (CVE-2014-3669). - heap corruption issue in exif_thumbnail() (CVE-2014-3670). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-02
    plugin id: 119958
    published: 2019-01-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119958
    title: SUSE SLES12 Security Update : php5 (SUSE-SU-2014:1497-1)
  • NASL family: CGI abuses
    NASL id: PHP_5_5_18.NASL
    description: According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.18. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78546
    published: 2014-10-17
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78546
    title: PHP 5.5.x < 5.5.18 Multiple Vulnerabilities
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-1768.NASL
    description: Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78783
    published: 2014-11-03
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78783
    title: CentOS 5 : php53 (CESA-2014:1768)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-1767.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78782
    published: 2014-11-03
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78782
    title: CentOS 6 / 7 : php (CESA-2014:1767)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-645.NASL
    description: - security update : - CVE-2014-3670 [bnc#902357] - CVE-2014-3669 [bnc#902360] - CVE-2014-3668 [bnc#902368] - added patches : - php-CVE-2014-3670.patch - php-CVE-2014-3669.patch - php-CVE-2014-3668.patch
    last seen: 2020-06-05
    modified: 2014-11-12
    plugin id: 79198
    published: 2014-11-12
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79198
    title: openSUSE Security Update : php5 (openSUSE-SU-2014:1391-1)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_10_3.NASL
    description: The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code Signing - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82699
    published: 2015-04-10
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82699
    title: Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2014-434.NASL
    description: An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78777
    published: 2014-11-03
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78777
    title: Amazon Linux AMI : php54 (ALAS-2014-434)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20141106_PHP_ON_SL5_X.NASL
    description: A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-03-18
    modified: 2014-11-10
    plugin id: 79082
    published: 2014-11-10
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79082
    title: Scientific Linux Security Update : php on SL5.x i386/x86_64 (20141106)
  • NASL family: CGI abuses
    NASL id: PHP_5_6_2.NASL
    description: According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.2. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78547
    published: 2014-10-17
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78547
    title: PHP 5.6.x < 5.6.2 Multiple Vulnerabilities
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-1768.NASL
    description: From Red Hat Security Advisory 2014:1768 : Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78755
    published: 2014-10-31
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78755
    title: Oracle Linux 5 : php53 (ELSA-2014-1768)

Redhat

advisories
  • rhsa
    id: RHSA-2014:1765
  • rhsa
    id: RHSA-2014:1766
  • rhsa
    id: RHSA-2014:1767
  • rhsa
    id: RHSA-2014:1768
  • rhsa
    id: RHSA-2014:1824
rpms
  • php54-php-0:5.4.16-22.el6
  • php54-php-0:5.4.16-22.el7
  • php54-php-bcmath-0:5.4.16-22.el6
  • php54-php-bcmath-0:5.4.16-22.el7
  • php54-php-cli-0:5.4.16-22.el6
  • php54-php-cli-0:5.4.16-22.el7
  • php54-php-common-0:5.4.16-22.el6
  • php54-php-common-0:5.4.16-22.el7
  • php54-php-dba-0:5.4.16-22.el6
  • php54-php-dba-0:5.4.16-22.el7
  • php54-php-debuginfo-0:5.4.16-22.el6
  • php54-php-debuginfo-0:5.4.16-22.el7
  • php54-php-devel-0:5.4.16-22.el6
  • php54-php-devel-0:5.4.16-22.el7
  • php54-php-enchant-0:5.4.16-22.el6
  • php54-php-enchant-0:5.4.16-22.el7
  • php54-php-fpm-0:5.4.16-22.el6
  • php54-php-fpm-0:5.4.16-22.el7
  • php54-php-gd-0:5.4.16-22.el6
  • php54-php-gd-0:5.4.16-22.el7
  • php54-php-imap-0:5.4.16-22.el6
  • php54-php-intl-0:5.4.16-22.el6
  • php54-php-intl-0:5.4.16-22.el7
  • php54-php-ldap-0:5.4.16-22.el6
  • php54-php-ldap-0:5.4.16-22.el7
  • php54-php-mbstring-0:5.4.16-22.el6
  • php54-php-mbstring-0:5.4.16-22.el7
  • php54-php-mysqlnd-0:5.4.16-22.el6
  • php54-php-mysqlnd-0:5.4.16-22.el7
  • php54-php-odbc-0:5.4.16-22.el6
  • php54-php-odbc-0:5.4.16-22.el7
  • php54-php-pdo-0:5.4.16-22.el6
  • php54-php-pdo-0:5.4.16-22.el7
  • php54-php-pgsql-0:5.4.16-22.el6
  • php54-php-pgsql-0:5.4.16-22.el7
  • php54-php-process-0:5.4.16-22.el6
  • php54-php-process-0:5.4.16-22.el7
  • php54-php-pspell-0:5.4.16-22.el6
  • php54-php-pspell-0:5.4.16-22.el7
  • php54-php-recode-0:5.4.16-22.el6
  • php54-php-recode-0:5.4.16-22.el7
  • php54-php-snmp-0:5.4.16-22.el6
  • php54-php-snmp-0:5.4.16-22.el7
  • php54-php-soap-0:5.4.16-22.el6
  • php54-php-soap-0:5.4.16-22.el7
  • php54-php-tidy-0:5.4.16-22.el6
  • php54-php-xml-0:5.4.16-22.el6
  • php54-php-xml-0:5.4.16-22.el7
  • php54-php-xmlrpc-0:5.4.16-22.el6
  • php54-php-xmlrpc-0:5.4.16-22.el7
  • php55-php-0:5.5.6-13.el6
  • php55-php-0:5.5.6-13.el7
  • php55-php-bcmath-0:5.5.6-13.el6
  • php55-php-bcmath-0:5.5.6-13.el7
  • php55-php-cli-0:5.5.6-13.el6
  • php55-php-cli-0:5.5.6-13.el7
  • php55-php-common-0:5.5.6-13.el6
  • php55-php-common-0:5.5.6-13.el7
  • php55-php-dba-0:5.5.6-13.el6
  • php55-php-dba-0:5.5.6-13.el7
  • php55-php-debuginfo-0:5.5.6-13.el6
  • php55-php-debuginfo-0:5.5.6-13.el7
  • php55-php-devel-0:5.5.6-13.el6
  • php55-php-devel-0:5.5.6-13.el7
  • php55-php-enchant-0:5.5.6-13.el6
  • php55-php-enchant-0:5.5.6-13.el7
  • php55-php-fpm-0:5.5.6-13.el6
  • php55-php-fpm-0:5.5.6-13.el7
  • php55-php-gd-0:5.5.6-13.el6
  • php55-php-gd-0:5.5.6-13.el7
  • php55-php-gmp-0:5.5.6-13.el6
  • php55-php-gmp-0:5.5.6-13.el7
  • php55-php-imap-0:5.5.6-13.el6
  • php55-php-intl-0:5.5.6-13.el6
  • php55-php-intl-0:5.5.6-13.el7
  • php55-php-ldap-0:5.5.6-13.el6
  • php55-php-ldap-0:5.5.6-13.el7
  • php55-php-mbstring-0:5.5.6-13.el6
  • php55-php-mbstring-0:5.5.6-13.el7
  • php55-php-mysqlnd-0:5.5.6-13.el6
  • php55-php-mysqlnd-0:5.5.6-13.el7
  • php55-php-odbc-0:5.5.6-13.el6
  • php55-php-odbc-0:5.5.6-13.el7
  • php55-php-opcache-0:5.5.6-13.el6
  • php55-php-opcache-0:5.5.6-13.el7
  • php55-php-pdo-0:5.5.6-13.el6
  • php55-php-pdo-0:5.5.6-13.el7
  • php55-php-pgsql-0:5.5.6-13.el6
  • php55-php-pgsql-0:5.5.6-13.el7
  • php55-php-process-0:5.5.6-13.el6
  • php55-php-process-0:5.5.6-13.el7
  • php55-php-pspell-0:5.5.6-13.el6
  • php55-php-pspell-0:5.5.6-13.el7
  • php55-php-recode-0:5.5.6-13.el6
  • php55-php-recode-0:5.5.6-13.el7
  • php55-php-snmp-0:5.5.6-13.el6
  • php55-php-snmp-0:5.5.6-13.el7
  • php55-php-soap-0:5.5.6-13.el6
  • php55-php-soap-0:5.5.6-13.el7
  • php55-php-tidy-0:5.5.6-13.el6
  • php55-php-xml-0:5.5.6-13.el6
  • php55-php-xml-0:5.5.6-13.el7
  • php55-php-xmlrpc-0:5.5.6-13.el6
  • php55-php-xmlrpc-0:5.5.6-13.el7
  • php-0:5.3.3-40.el6_6
  • php-0:5.4.16-23.el7_0.3
  • php-bcmath-0:5.3.3-40.el6_6
  • php-bcmath-0:5.4.16-23.el7_0.3
  • php-cli-0:5.3.3-40.el6_6
  • php-cli-0:5.4.16-23.el7_0.3
  • php-common-0:5.3.3-40.el6_6
  • php-common-0:5.4.16-23.el7_0.3
  • php-dba-0:5.3.3-40.el6_6
  • php-dba-0:5.4.16-23.el7_0.3
  • php-debuginfo-0:5.3.3-40.el6_6
  • php-debuginfo-0:5.4.16-23.el7_0.3
  • php-devel-0:5.3.3-40.el6_6
  • php-devel-0:5.4.16-23.el7_0.3
  • php-embedded-0:5.3.3-40.el6_6
  • php-embedded-0:5.4.16-23.el7_0.3
  • php-enchant-0:5.3.3-40.el6_6
  • php-enchant-0:5.4.16-23.el7_0.3
  • php-fpm-0:5.3.3-40.el6_6
  • php-fpm-0:5.4.16-23.el7_0.3
  • php-gd-0:5.3.3-40.el6_6
  • php-gd-0:5.4.16-23.el7_0.3
  • php-imap-0:5.3.3-40.el6_6
  • php-intl-0:5.3.3-40.el6_6
  • php-intl-0:5.4.16-23.el7_0.3
  • php-ldap-0:5.3.3-40.el6_6
  • php-ldap-0:5.4.16-23.el7_0.3
  • php-mbstring-0:5.3.3-40.el6_6
  • php-mbstring-0:5.4.16-23.el7_0.3
  • php-mysql-0:5.3.3-40.el6_6
  • php-mysql-0:5.4.16-23.el7_0.3
  • php-mysqlnd-0:5.4.16-23.el7_0.3
  • php-odbc-0:5.3.3-40.el6_6
  • php-odbc-0:5.4.16-23.el7_0.3
  • php-pdo-0:5.3.3-40.el6_6
  • php-pdo-0:5.4.16-23.el7_0.3
  • php-pgsql-0:5.3.3-40.el6_6
  • php-pgsql-0:5.4.16-23.el7_0.3
  • php-process-0:5.3.3-40.el6_6
  • php-process-0:5.4.16-23.el7_0.3
  • php-pspell-0:5.3.3-40.el6_6
  • php-pspell-0:5.4.16-23.el7_0.3
  • php-recode-0:5.3.3-40.el6_6
  • php-recode-0:5.4.16-23.el7_0.3
  • php-snmp-0:5.3.3-40.el6_6
  • php-snmp-0:5.4.16-23.el7_0.3
  • php-soap-0:5.3.3-40.el6_6
  • php-soap-0:5.4.16-23.el7_0.3
  • php-tidy-0:5.3.3-40.el6_6
  • php-xml-0:5.3.3-40.el6_6
  • php-xml-0:5.4.16-23.el7_0.3
  • php-xmlrpc-0:5.3.3-40.el6_6
  • php-xmlrpc-0:5.4.16-23.el7_0.3
  • php-zts-0:5.3.3-40.el6_6
  • php53-0:5.3.3-26.el5_11
  • php53-bcmath-0:5.3.3-26.el5_11
  • php53-cli-0:5.3.3-26.el5_11
  • php53-common-0:5.3.3-26.el5_11
  • php53-dba-0:5.3.3-26.el5_11
  • php53-debuginfo-0:5.3.3-26.el5_11
  • php53-devel-0:5.3.3-26.el5_11
  • php53-gd-0:5.3.3-26.el5_11
  • php53-imap-0:5.3.3-26.el5_11
  • php53-intl-0:5.3.3-26.el5_11
  • php53-ldap-0:5.3.3-26.el5_11
  • php53-mbstring-0:5.3.3-26.el5_11
  • php53-mysql-0:5.3.3-26.el5_11
  • php53-odbc-0:5.3.3-26.el5_11
  • php53-pdo-0:5.3.3-26.el5_11
  • php53-pgsql-0:5.3.3-26.el5_11
  • php53-process-0:5.3.3-26.el5_11
  • php53-pspell-0:5.3.3-26.el5_11
  • php53-snmp-0:5.3.3-26.el5_11
  • php53-soap-0:5.3.3-26.el5_11
  • php53-xml-0:5.3.3-26.el5_11
  • php53-xmlrpc-0:5.3.3-26.el5_11
  • php-0:5.1.6-45.el5_11
  • php-bcmath-0:5.1.6-45.el5_11
  • php-cli-0:5.1.6-45.el5_11
  • php-common-0:5.1.6-45.el5_11
  • php-dba-0:5.1.6-45.el5_11
  • php-debuginfo-0:5.1.6-45.el5_11
  • php-devel-0:5.1.6-45.el5_11
  • php-gd-0:5.1.6-45.el5_11
  • php-imap-0:5.1.6-45.el5_11
  • php-ldap-0:5.1.6-45.el5_11
  • php-mbstring-0:5.1.6-45.el5_11
  • php-mysql-0:5.1.6-45.el5_11
  • php-ncurses-0:5.1.6-45.el5_11
  • php-odbc-0:5.1.6-45.el5_11
  • php-pdo-0:5.1.6-45.el5_11
  • php-pgsql-0:5.1.6-45.el5_11
  • php-snmp-0:5.1.6-45.el5_11
  • php-soap-0:5.1.6-45.el5_11
  • php-xml-0:5.1.6-45.el5_11
  • php-xmlrpc-0:5.1.6-45.el5_11
  • php-0:5.3.3-27.el6_5.3
  • php-bcmath-0:5.3.3-27.el6_5.3
  • php-cli-0:5.3.3-27.el6_5.3
  • php-common-0:5.3.3-27.el6_5.3
  • php-dba-0:5.3.3-27.el6_5.3
  • php-debuginfo-0:5.3.3-27.el6_5.3
  • php-devel-0:5.3.3-27.el6_5.3
  • php-embedded-0:5.3.3-27.el6_5.3
  • php-enchant-0:5.3.3-27.el6_5.3
  • php-fpm-0:5.3.3-27.el6_5.3
  • php-gd-0:5.3.3-27.el6_5.3
  • php-imap-0:5.3.3-27.el6_5.3
  • php-intl-0:5.3.3-27.el6_5.3
  • php-ldap-0:5.3.3-27.el6_5.3
  • php-mbstring-0:5.3.3-27.el6_5.3
  • php-mysql-0:5.3.3-27.el6_5.3
  • php-odbc-0:5.3.3-27.el6_5.3
  • php-pdo-0:5.3.3-27.el6_5.3
  • php-pgsql-0:5.3.3-27.el6_5.3
  • php-process-0:5.3.3-27.el6_5.3
  • php-pspell-0:5.3.3-27.el6_5.3
  • php-recode-0:5.3.3-27.el6_5.3
  • php-snmp-0:5.3.3-27.el6_5.3
  • php-soap-0:5.3.3-27.el6_5.3
  • php-tidy-0:5.3.3-27.el6_5.3
  • php-xml-0:5.3.3-27.el6_5.3
  • php-xmlrpc-0:5.3.3-27.el6_5.3
  • php-zts-0:5.3.3-27.el6_5.3