Vulnerabilities > CVE-2014-9705 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
php
CWE-119
nessus
NVD
Published: 2015-03-30
Updated: 2024-11-21

Summary

Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Vulnerable Configurations

Part Description Count
Application
Php
653

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyCGI abuses
    NASL idPHP_5_4_38.NASL
    descriptionAccording to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.38. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
    last seen2020-06-01
    modified2020-06-02
    plugin id81510
    published2015-02-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81510
    titlePHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(81510);
  script_version("1.18");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id("CVE-2014-9705", "CVE-2015-0235", "CVE-2015-0273");
  script_bugtraq_id(72325, 72701, 73031);
  script_xref(name:"CERT", value:"967332");

  script_name(english:"PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)");
  script_summary(english:"Checks the version of PHP.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP 5.4.x installed on the
remote host is prior to 5.4.38. It is, therefore, affected by multiple
vulnerabilities :

  - A heap-based buffer overflow flaw in the
    enchant_broker_request_dict function in
    ext/enchant/enchant.c could allow a remote attacker
    to cause a buffer overflow, resulting in
    a denial of service condition or the execution of
    arbitrary code. (CVE-2014-9705)

  - A heap-based buffer overflow flaw in the GNU C Library
    (glibc) due to improperly validating user-supplied input
    in the glibc functions __nss_hostname_digits_dots(),
    gethostbyname(), and gethostbyname2(). This allows a
    remote attacker to cause a buffer overflow, resulting in
    a denial of service condition or the execution of
    arbitrary code. (CVE-2015-0235)

  - A use-after-free flaw exists in the function
    php_date_timezone_initialize_from_hash() within the
    'ext/date/php_date.c' script. An attacker can exploit
    this to access sensitive information or crash
    applications linked to PHP. (CVE-2015-0273)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.38");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68925");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68942");
  # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7a6ddbd");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.4.38 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0235");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Check that it is the correct version of PHP
if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);

if (version =~ "^5\.4\.([0-9]|[12][0-9]|3[0-7])($|[^0-9])")
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : '+source +
      '\n  Installed version : '+version +
      '\n  Fixed version     : 5.4.38' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201606-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201606-10 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91704
    published2016-06-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91704
    titleGLSA-201606-10 : PHP: Multiple vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201606-10.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(91704);
  script_version("2.3");
  script_cvs_date("Date: 2019/04/11 17:23:06");

  script_cve_id("CVE-2013-6501", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804");
  script_xref(name:"GLSA", value:"201606-10");

  script_name(english:"GLSA-201606-10 : PHP: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201606-10
(PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the
      CVE identifiers referenced below for details.
  
Impact :

    An attacker can possibly execute arbitrary code or create a Denial of
      Service condition.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201606-10"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
      5.4 is now masked in Portage:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
    All PHP 5.5 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
    All PHP 5.6 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev=lang/php-5.6.19'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.6.19", "rge 5.5.33", "rge 5.5.34", "rge 5.5.35", "rge 5.5.36", "rge 5.5.37", "rge 5.5.38"), vulnerable:make_list("lt 5.6.19"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-282.NASL
    descriptionPHP was updated to fix several security issues. The following vulnerabilities were fixed : - A specially crafted GIF file could cause a buffer read overflow in php-gd (CVE-2014-9709 bnc#923946) - Memory was use after it was freed in PHAR (CVE-2015-2301 bnc#922022) - heap overflow vulnerability in regcomp.c (CVE-2015-2305 bnc#922452) - heap buffer overflow in Enchant (CVE-2014-9705 bnc#922451) For openSUSE 13.2, the following additional vulnerability was fixed : - A specially crafted zip file could lead to writing past the heap boundary (CVE-2015-2331 bnc#922894)
    last seen2020-06-05
    modified2015-04-02
    plugin id82516
    published2015-04-02
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82516
    titleopenSUSE Security Update : php5 (openSUSE-2015-282)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-282.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(82516);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-9705", "CVE-2014-9709", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2331");

  script_name(english:"openSUSE Security Update : php5 (openSUSE-2015-282)");
  script_summary(english:"Check for the openSUSE-2015-282 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"PHP was updated to fix several security issues.

The following vulnerabilities were fixed :

  - A specially crafted GIF file could cause a buffer read
    overflow in php-gd (CVE-2014-9709 bnc#923946)

  - Memory was use after it was freed in PHAR (CVE-2015-2301
    bnc#922022)

  - heap overflow vulnerability in regcomp.c (CVE-2015-2305
    bnc#922452)

  - heap buffer overflow in Enchant (CVE-2014-9705
    bnc#922451)

For openSUSE 13.2, the following additional vulnerability was fixed :

  - A specially crafted zip file could lead to writing past
    the heap boundary (CVE-2015-2331 bnc#922894)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922022"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=923946"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-debugsource-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-devel-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-json-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-json-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pear-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-debuginfo-5.4.20-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-debugsource-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-devel-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-json-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-json-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pear-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-debuginfo-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-5.6.1-15.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-debuginfo-5.6.1-15.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
}
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1544.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id124997
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124997
    titleEulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124997);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/17");

  script_cve_id(
    "CVE-2013-4248",
    "CVE-2014-2497",
    "CVE-2014-3515",
    "CVE-2014-3668",
    "CVE-2014-3670",
    "CVE-2014-9427",
    "CVE-2014-9705",
    "CVE-2015-0231",
    "CVE-2015-3412",
    "CVE-2015-4021",
    "CVE-2015-4024",
    "CVE-2015-4148",
    "CVE-2015-4598",
    "CVE-2015-4599",
    "CVE-2015-4602",
    "CVE-2015-4603",
    "CVE-2015-4604",
    "CVE-2015-4605",
    "CVE-2018-10546",
    "CVE-2018-10548"
  );
  script_bugtraq_id(
    61776,
    66233,
    68237,
    70665,
    70666,
    71833,
    72539,
    73031,
    74700,
    74903,
    75103,
    75233,
    75241,
    75244,
    75249,
    75250,
    75251,
    75252
  );

  script_name(english:"EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerabilities :

  - An integer underflow flaw leading to out-of-bounds
    memory access was found in the way PHP's Phar extension
    parsed Phar archives. A specially crafted archive could
    cause PHP to crash or, possibly, execute arbitrary code
    when opened.(CVE-2015-4021)

  - An out of bounds read flaw was found in the way the
    xmlrpc extension parsed dates in the ISO 8601 format. A
    specially crafted XML-RPC request or response could
    possibly cause a PHP application to
    crash.(CVE-2014-3668)

  - It was found that certain PHP functions did not
    properly handle file names containing a NULL character.
    A remote attacker could possibly use this flaw to make
    a PHP script access unexpected files and bypass
    intended file system access
    restrictions.(CVE-2015-4598)

  - A flaw was found in the way PHP handled malformed
    source files when running in CGI mode. A specially
    crafted PHP file could cause PHP CGI to
    crash.(CVE-2014-9427)

  - An issue was discovered in PHP before 5.6.36, 7.0.x
    before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before
    7.2.5. ext/ldap/ldap.c allows remote LDAP servers to
    cause a denial of service (NULL pointer dereference and
    application crash) because of mishandling of the
    ldap_get_dn return value.(CVE-2018-10548)

  - An infinite loop vulnerability was found in
    ext/iconv/iconv.c in PHP due to the iconv stream not
    rejecting invalid multibyte sequences. A remote
    attacker could use this vulnerability to hang the php
    process and consume resources.(CVE-2018-10546)

  - The openssl_x509_parse function in openssl.c in the
    OpenSSL module in PHP before 5.4.18 and 5.5.x before
    5.5.2 does not properly handle a '\\0' character in a
    domain name in the Subject Alternative Name field of an
    X.509 certificate, which allows man-in-the-middle
    attackers to spoof arbitrary SSL servers via a crafted
    certificate issued by a legitimate Certification
    Authority, a related issue to
    CVE-2009-2408.(CVE-2013-4248)

  - A use-after-free flaw was found in the way PHP's
    unserialize() function processed data. If a remote
    attacker was able to pass crafted input to PHP's
    unserialize() function, they could cause the PHP
    interpreter to crash or, possibly, execute arbitrary
    code.(CVE-2015-0231)

  - A flaw was discovered in the way PHP performed object
    unserialization. Specially crafted input processed by
    the unserialize() function could cause a PHP
    application to crash or, possibly, execute arbitrary
    code.(CVE-2015-4602)

  - It was found that certain PHP functions did not
    properly handle file names containing a NULL character.
    A remote attacker could possibly use this flaw to make
    a PHP script access unexpected files and bypass
    intended file system access
    restrictions.(CVE-2015-3412)

  - The mcopy function in softmagic.c in file 5.x, as used
    in the Fileinfo component in PHP before 5.4.40, 5.5.x
    before 5.5.24, and 5.6.x before 5.6.8, does not
    properly restrict a certain offset value, which allows
    remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code
    via a crafted string that is mishandled by a 'Python
    script text executable' rule.(CVE-2015-4605)

  - A heap buffer overflow flaw was found in the
    enchant_broker_request_dict() function of PHP's enchant
    extension. A specially crafted tag input could possibly
    cause a PHP application to crash.(CVE-2014-9705)

  - A buffer overflow flaw was found in the Exif extension.
    A specially crafted JPEG or TIFF file could cause a PHP
    application using the exif_thumbnail() function to
    crash or, possibly, execute arbitrary code with the
    privileges of the user running that PHP
    application.(CVE-2014-3670)

  - A flaws was discovered in the way PHP performed object
    unserialization. Specially crafted input processed by
    the unserialize() function could cause a PHP
    application to crash or, possibly, execute arbitrary
    code.(CVE-2015-4148)

  - A type confusion issue was found in the SPL ArrayObject
    and SPLObjectStorage classes' unserialize() method. A
    remote attacker able to submit specially crafted input
    to a PHP application, which would then unserialize this
    input using one of the aforementioned methods, could
    use this flaw to execute arbitrary code with the
    privileges of the user running that PHP
    application.(CVE-2014-3515)

  - The mget function in softmagic.c in file 5.x, as used
    in the Fileinfo component in PHP before 5.4.40, 5.5.x
    before 5.5.24, and 5.6.x before 5.6.8, does not
    properly maintain a certain pointer relationship, which
    allows remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code
    via a crafted string that is mishandled by a 'Python
    script text executable' rule.(CVE-2015-4604)

  - A NULL pointer dereference flaw was found in the
    gdImageCreateFromXpm() function of PHP's gd extension.
    A remote attacker could use this flaw to crash a PHP
    application using gd via a specially crafted X PixMap
    (XPM) file.(CVE-2014-2497)

  - A flaw was found in the way PHP parsed multipart HTTP
    POST requests. A specially crafted request could cause
    PHP to use an excessive amount of CPU
    time.(CVE-2015-4024)

  - Multiple flaws were discovered in the way PHP's Soap
    extension performed object unserialization. Specially
    crafted input processed by the unserialize() function
    could cause a PHP application to disclose portion of
    its memory or crash.(CVE-2015-4599)

  - A flaw was discovered in the way PHP performed object
    unserialization. Specially crafted input processed by
    the unserialize() function could cause a PHP
    application to crash or, possibly, execute arbitrary
    code.(CVE-2015-4603)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1544
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb62c9b4");
  script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["php-5.4.16-45.h9",
        "php-cli-5.4.16-45.h9",
        "php-common-5.4.16-45.h9"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1218.NASL
    descriptionFrom Red Hat Security Advisory 2015:1218 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84659
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84659
    titleOracle Linux 6 : php (ELSA-2015-1218)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1135.NASL
    descriptionFrom Red Hat Security Advisory 2015:1135 : Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84351
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84351
    titleOracle Linux 7 : php (ELSA-2015-1135)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150709_PHP_ON_SL6_X.NASL
    descriptionA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-03-18
    modified2015-07-13
    plugin id84661
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84661
    titleScientific Linux Security Update : php on SL6.x i386/x86_64 (20150709)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_11.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components : - Address Book - AirScan - apache_mod_php - Apple Online Store Kit - AppleEvents - Audio - bash - Certificate Trust Policy - CFNetwork Cookies - CFNetwork FTPProtocol - CFNetwork HTTPProtocol - CFNetwork Proxies - CFNetwork SSL - CoreCrypto - CoreText - Dev Tools - Disk Images - dyld - EFI - Finder - Game Center - Heimdal - ICU - Install Framework Legacy - Intel Graphics Driver - IOAudioFamily - IOGraphics - IOHIDFamily - IOStorageFamily - Kernel - libc - libpthread - libxpc - Login Window - lukemftpd - Mail - Multipeer Connectivity - NetworkExtension - Notes - OpenSSH - OpenSSL - procmail - remote_cmds - removefile - Ruby - Safari - Safari Downloads - Safari Extensions - Safari Safe Browsing - Security - SMB - SQLite - Telephony - Terminal - tidy - Time Machine - WebKit - WebKit CSS - WebKit JavaScript Bindings - WebKit Page Loading - WebKit Plug-ins Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id86270
    published2015-10-05
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86270
    titleMac OS X < 10.11 Multiple Vulnerabilities (GHOST)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-080.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file
    last seen2020-06-01
    modified2020-06-02
    plugin id82333
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82333
    titleMandriva Linux Security Advisory : php (MDVSA-2015:080)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1135.NASL
    descriptionUpdated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84355
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84355
    titleRHEL 7 : php (RHSA-2015:1135)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1135.NASL
    descriptionUpdated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84345
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84345
    titleCentOS 7 : php (CESA-2015:1135)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1638-1.NASL
    descriptionThis update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93161
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93161
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
  • NASL familyWeb Servers
    NASL idHPSMH_7_5.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id84923
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84923
    titleHP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0868-1.NASL
    descriptionPHP was updated to fix ten security issues. The following vulnerabilities were fixed : - CVE-2014-9709: A specially crafted GIF file could cause a buffer read overflow in php-gd (bnc#923946) - CVE-2015-2301: Memory was use after it was freed in PHAR (bnc#922022) - CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452) - CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451) - CVE-2015-2787: use-after-free vulnerability in the process_nested_data function (bnc#924972) - unserialize SoapClient type confusion (bnc#925109) - CVE-2015-2348: move_uploaded_file truncates a pathNAME upon encountering a x00 character (bnc#924970) - CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506) - CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506) - CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119964
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119964
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2015:0868-1)
  • NASL familyCGI abuses
    NASL idPHP_5_6_6.NASL
    descriptionAccording to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
    last seen2020-06-01
    modified2020-06-02
    plugin id81512
    published2015-02-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81512
    titlePHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1218.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84660
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84660
    titleRHEL 6 : php (RHSA-2015:1218)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-212.NASL
    descriptionCVE-2014-9705 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. CVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. CVE-2015-2331 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. CVE-2015-2783 Buffer Over-read in unserialize when parsing Phar CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. CVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in phar_set_inode) CVE-2015-3330 PHP potential remote code execution with apache 2.4 apache2handler CVE-2015-temp-68819 denial of service when processing a crafted file with Fileinfo NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-04-30
    plugin id83144
    published2015-04-30
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83144
    titleDebian DLA-212-1 : php5 security update
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-079.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in php : S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9705). Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-0273). It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-2301). Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331). It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1351). It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1352). The updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. The libzip packages has been patched to address the CVE-2015-2331 flaw. Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.
    last seen2020-06-01
    modified2020-06-02
    plugin id82332
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82332
    titleMandriva Linux Security Advisory : php (MDVSA-2015:079)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2535-1.NASL
    descriptionThomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117) S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9705) Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0273) It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2301). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id81950
    published2015-03-19
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81950
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2535-1)
  • NASL familyCGI abuses
    NASL idPHP_5_5_22.NASL
    descriptionAccording to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
    last seen2020-06-01
    modified2020-06-02
    plugin id81511
    published2015-02-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81511
    titlePHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150623_PHP_ON_SL7_X.NASL
    descriptionA flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-03-18
    modified2015-06-25
    plugin id84394
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84394
    titleScientific Linux Security Update : php on SL7.x x86_64 (20150623)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3195.NASL
    descriptionMultiple vulnerabilities have been discovered in the PHP language : - CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension (only applicable to 32 bit systems). - CVE-2014-9705 Buffer overflow in the enchant extension. - CVE-2015-0231 Stefan Esser discovered a use-after-free in the unserialisation of objects. - CVE-2015-0232 Alex Eubanks discovered incorrect memory management in the exif extension. - CVE-2015-0273 Use-after-free in the unserialisation of DateTimeZone.
    last seen2020-03-17
    modified2015-03-19
    plugin id81926
    published2015-03-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81926
    titleDebian DSA-3195-1 : php5 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1018-1.NASL
    descriptionPHP 5.3 was updated to fix multiple security issues : bnc#931776: pcntl_exec() does not check path validity (CVE-2015-4026) bnc#931772: overflow in ftp_genlist() resulting in heap overflow (CVE-2015-4022) bnc#931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL (CVE-2015-4021) bnc#931421: multipart/form-data remote denial-of-service vulnerability (CVE-2015-4024) bnc#928511: buffer over-read in unserialize when parsing Phar (CVE-2015-2783) bnc#928506: buffer over flow when parsing tar/zip/phar in phar_set_inode() (CVE-2015-3329) bnc#925109: SoapClient
    last seen2020-06-01
    modified2020-06-02
    plugin id84082
    published2015-06-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84082
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1218.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84648
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84648
    titleCentOS 6 : php (CESA-2015:1218)

Redhat

advisories
  • rhsa
    idRHSA-2015:1053
  • rhsa
    idRHSA-2015:1066
  • rhsa
    idRHSA-2015:1135
  • rhsa
    idRHSA-2015:1218
rpms
  • php55-0:2.0-1.el6
  • php55-0:2.0-1.el7
  • php55-php-0:5.5.21-2.el6
  • php55-php-0:5.5.21-2.el7
  • php55-php-bcmath-0:5.5.21-2.el6
  • php55-php-bcmath-0:5.5.21-2.el7
  • php55-php-cli-0:5.5.21-2.el6
  • php55-php-cli-0:5.5.21-2.el7
  • php55-php-common-0:5.5.21-2.el6
  • php55-php-common-0:5.5.21-2.el7
  • php55-php-dba-0:5.5.21-2.el6
  • php55-php-dba-0:5.5.21-2.el7
  • php55-php-debuginfo-0:5.5.21-2.el6
  • php55-php-debuginfo-0:5.5.21-2.el7
  • php55-php-devel-0:5.5.21-2.el6
  • php55-php-devel-0:5.5.21-2.el7
  • php55-php-enchant-0:5.5.21-2.el6
  • php55-php-enchant-0:5.5.21-2.el7
  • php55-php-fpm-0:5.5.21-2.el6
  • php55-php-fpm-0:5.5.21-2.el7
  • php55-php-gd-0:5.5.21-2.el6
  • php55-php-gd-0:5.5.21-2.el7
  • php55-php-gmp-0:5.5.21-2.el6
  • php55-php-gmp-0:5.5.21-2.el7
  • php55-php-imap-0:5.5.21-2.el6
  • php55-php-intl-0:5.5.21-2.el6
  • php55-php-intl-0:5.5.21-2.el7
  • php55-php-ldap-0:5.5.21-2.el6
  • php55-php-ldap-0:5.5.21-2.el7
  • php55-php-mbstring-0:5.5.21-2.el6
  • php55-php-mbstring-0:5.5.21-2.el7
  • php55-php-mysqlnd-0:5.5.21-2.el6
  • php55-php-mysqlnd-0:5.5.21-2.el7
  • php55-php-odbc-0:5.5.21-2.el6
  • php55-php-odbc-0:5.5.21-2.el7
  • php55-php-opcache-0:5.5.21-2.el6
  • php55-php-opcache-0:5.5.21-2.el7
  • php55-php-pdo-0:5.5.21-2.el6
  • php55-php-pdo-0:5.5.21-2.el7
  • php55-php-pgsql-0:5.5.21-2.el6
  • php55-php-pgsql-0:5.5.21-2.el7
  • php55-php-process-0:5.5.21-2.el6
  • php55-php-process-0:5.5.21-2.el7
  • php55-php-pspell-0:5.5.21-2.el6
  • php55-php-pspell-0:5.5.21-2.el7
  • php55-php-recode-0:5.5.21-2.el6
  • php55-php-recode-0:5.5.21-2.el7
  • php55-php-snmp-0:5.5.21-2.el6
  • php55-php-snmp-0:5.5.21-2.el7
  • php55-php-soap-0:5.5.21-2.el6
  • php55-php-soap-0:5.5.21-2.el7
  • php55-php-tidy-0:5.5.21-2.el6
  • php55-php-xml-0:5.5.21-2.el6
  • php55-php-xml-0:5.5.21-2.el7
  • php55-php-xmlrpc-0:5.5.21-2.el6
  • php55-php-xmlrpc-0:5.5.21-2.el7
  • php55-runtime-0:2.0-1.el6
  • php55-runtime-0:2.0-1.el7
  • php55-scldevel-0:2.0-1.el6
  • php55-scldevel-0:2.0-1.el7
  • php54-0:2.0-1.el6
  • php54-0:2.0-1.el7
  • php54-php-0:5.4.40-1.el6
  • php54-php-0:5.4.40-1.el7
  • php54-php-bcmath-0:5.4.40-1.el6
  • php54-php-bcmath-0:5.4.40-1.el7
  • php54-php-cli-0:5.4.40-1.el6
  • php54-php-cli-0:5.4.40-1.el7
  • php54-php-common-0:5.4.40-1.el6
  • php54-php-common-0:5.4.40-1.el7
  • php54-php-dba-0:5.4.40-1.el6
  • php54-php-dba-0:5.4.40-1.el7
  • php54-php-debuginfo-0:5.4.40-1.el6
  • php54-php-debuginfo-0:5.4.40-1.el7
  • php54-php-devel-0:5.4.40-1.el6
  • php54-php-devel-0:5.4.40-1.el7
  • php54-php-enchant-0:5.4.40-1.el6
  • php54-php-enchant-0:5.4.40-1.el7
  • php54-php-fpm-0:5.4.40-1.el6
  • php54-php-fpm-0:5.4.40-1.el7
  • php54-php-gd-0:5.4.40-1.el6
  • php54-php-gd-0:5.4.40-1.el7
  • php54-php-imap-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el7
  • php54-php-ldap-0:5.4.40-1.el6
  • php54-php-ldap-0:5.4.40-1.el7
  • php54-php-mbstring-0:5.4.40-1.el6
  • php54-php-mbstring-0:5.4.40-1.el7
  • php54-php-mysqlnd-0:5.4.40-1.el6
  • php54-php-mysqlnd-0:5.4.40-1.el7
  • php54-php-odbc-0:5.4.40-1.el6
  • php54-php-odbc-0:5.4.40-1.el7
  • php54-php-pdo-0:5.4.40-1.el6
  • php54-php-pdo-0:5.4.40-1.el7
  • php54-php-pecl-zendopcache-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-0:7.0.4-3.el7
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el7
  • php54-php-pgsql-0:5.4.40-1.el6
  • php54-php-pgsql-0:5.4.40-1.el7
  • php54-php-process-0:5.4.40-1.el6
  • php54-php-process-0:5.4.40-1.el7
  • php54-php-pspell-0:5.4.40-1.el6
  • php54-php-pspell-0:5.4.40-1.el7
  • php54-php-recode-0:5.4.40-1.el6
  • php54-php-recode-0:5.4.40-1.el7
  • php54-php-snmp-0:5.4.40-1.el6
  • php54-php-snmp-0:5.4.40-1.el7
  • php54-php-soap-0:5.4.40-1.el6
  • php54-php-soap-0:5.4.40-1.el7
  • php54-php-tidy-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el7
  • php54-php-xmlrpc-0:5.4.40-1.el6
  • php54-php-xmlrpc-0:5.4.40-1.el7
  • php54-runtime-0:2.0-1.el6
  • php54-runtime-0:2.0-1.el7
  • php54-scldevel-0:2.0-1.el6
  • php54-scldevel-0:2.0-1.el7
  • php-0:5.4.16-36.ael7b_1
  • php-0:5.4.16-36.el7_1
  • php-bcmath-0:5.4.16-36.ael7b_1
  • php-bcmath-0:5.4.16-36.el7_1
  • php-cli-0:5.4.16-36.ael7b_1
  • php-cli-0:5.4.16-36.el7_1
  • php-common-0:5.4.16-36.ael7b_1
  • php-common-0:5.4.16-36.el7_1
  • php-dba-0:5.4.16-36.ael7b_1
  • php-dba-0:5.4.16-36.el7_1
  • php-debuginfo-0:5.4.16-36.ael7b_1
  • php-debuginfo-0:5.4.16-36.el7_1
  • php-devel-0:5.4.16-36.ael7b_1
  • php-devel-0:5.4.16-36.el7_1
  • php-embedded-0:5.4.16-36.ael7b_1
  • php-embedded-0:5.4.16-36.el7_1
  • php-enchant-0:5.4.16-36.ael7b_1
  • php-enchant-0:5.4.16-36.el7_1
  • php-fpm-0:5.4.16-36.ael7b_1
  • php-fpm-0:5.4.16-36.el7_1
  • php-gd-0:5.4.16-36.ael7b_1
  • php-gd-0:5.4.16-36.el7_1
  • php-intl-0:5.4.16-36.ael7b_1
  • php-intl-0:5.4.16-36.el7_1
  • php-ldap-0:5.4.16-36.ael7b_1
  • php-ldap-0:5.4.16-36.el7_1
  • php-mbstring-0:5.4.16-36.ael7b_1
  • php-mbstring-0:5.4.16-36.el7_1
  • php-mysql-0:5.4.16-36.ael7b_1
  • php-mysql-0:5.4.16-36.el7_1
  • php-mysqlnd-0:5.4.16-36.ael7b_1
  • php-mysqlnd-0:5.4.16-36.el7_1
  • php-odbc-0:5.4.16-36.ael7b_1
  • php-odbc-0:5.4.16-36.el7_1
  • php-pdo-0:5.4.16-36.ael7b_1
  • php-pdo-0:5.4.16-36.el7_1
  • php-pgsql-0:5.4.16-36.ael7b_1
  • php-pgsql-0:5.4.16-36.el7_1
  • php-process-0:5.4.16-36.ael7b_1
  • php-process-0:5.4.16-36.el7_1
  • php-pspell-0:5.4.16-36.ael7b_1
  • php-pspell-0:5.4.16-36.el7_1
  • php-recode-0:5.4.16-36.ael7b_1
  • php-recode-0:5.4.16-36.el7_1
  • php-snmp-0:5.4.16-36.ael7b_1
  • php-snmp-0:5.4.16-36.el7_1
  • php-soap-0:5.4.16-36.ael7b_1
  • php-soap-0:5.4.16-36.el7_1
  • php-xml-0:5.4.16-36.ael7b_1
  • php-xml-0:5.4.16-36.el7_1
  • php-xmlrpc-0:5.4.16-36.ael7b_1
  • php-xmlrpc-0:5.4.16-36.el7_1
  • php-0:5.3.3-46.el6_6
  • php-bcmath-0:5.3.3-46.el6_6
  • php-cli-0:5.3.3-46.el6_6
  • php-common-0:5.3.3-46.el6_6
  • php-dba-0:5.3.3-46.el6_6
  • php-debuginfo-0:5.3.3-46.el6_6
  • php-devel-0:5.3.3-46.el6_6
  • php-embedded-0:5.3.3-46.el6_6
  • php-enchant-0:5.3.3-46.el6_6
  • php-fpm-0:5.3.3-46.el6_6
  • php-gd-0:5.3.3-46.el6_6
  • php-imap-0:5.3.3-46.el6_6
  • php-intl-0:5.3.3-46.el6_6
  • php-ldap-0:5.3.3-46.el6_6
  • php-mbstring-0:5.3.3-46.el6_6
  • php-mysql-0:5.3.3-46.el6_6
  • php-odbc-0:5.3.3-46.el6_6
  • php-pdo-0:5.3.3-46.el6_6
  • php-pgsql-0:5.3.3-46.el6_6
  • php-process-0:5.3.3-46.el6_6
  • php-pspell-0:5.3.3-46.el6_6
  • php-recode-0:5.3.3-46.el6_6
  • php-snmp-0:5.3.3-46.el6_6
  • php-soap-0:5.3.3-46.el6_6
  • php-tidy-0:5.3.3-46.el6_6
  • php-xml-0:5.3.3-46.el6_6
  • php-xmlrpc-0:5.3.3-46.el6_6
  • php-zts-0:5.3.3-46.el6_6

References