Vulnerabilities > CVE-2015-0273 - Unspecified vulnerability in PHP

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
php
nessus
exploit available

Summary

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.

Vulnerable Configurations

Part Description Count
Application
Php
652

Exploit-Db

descriptionPHP DateTime Use After Free Vulnerability. CVE-2015-0273. Dos exploit for php platform
idEDB-ID:36158
last seen2016-02-04
modified2015-02-23
published2015-02-23
reporterTaoguang Chen
sourcehttps://www.exploit-db.com/download/36158/
titlePHP DateTime Use After Free Vulnerability

Nessus

  • NASL familyCGI abuses
    NASL idPHP_5_4_38.NASL
    descriptionAccording to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.38. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
    last seen2020-06-01
    modified2020-06-02
    plugin id81510
    published2015-02-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81510
    titlePHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81510);
      script_version("1.18");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id("CVE-2014-9705", "CVE-2015-0235", "CVE-2015-0273");
      script_bugtraq_id(72325, 72701, 73031);
      script_xref(name:"CERT", value:"967332");
    
      script_name(english:"PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP 5.4.x installed on the
    remote host is prior to 5.4.38. It is, therefore, affected by multiple
    vulnerabilities :
    
      - A heap-based buffer overflow flaw in the
        enchant_broker_request_dict function in
        ext/enchant/enchant.c could allow a remote attacker
        to cause a buffer overflow, resulting in
        a denial of service condition or the execution of
        arbitrary code. (CVE-2014-9705)
    
      - A heap-based buffer overflow flaw in the GNU C Library
        (glibc) due to improperly validating user-supplied input
        in the glibc functions __nss_hostname_digits_dots(),
        gethostbyname(), and gethostbyname2(). This allows a
        remote attacker to cause a buffer overflow, resulting in
        a denial of service condition or the execution of
        arbitrary code. (CVE-2015-0235)
    
      - A use-after-free flaw exists in the function
        php_date_timezone_initialize_from_hash() within the
        'ext/date/php_date.c' script. An attacker can exploit
        this to access sensitive information or crash
        applications linked to PHP. (CVE-2015-0273)
    
    Note that Nessus has not attempted to exploit these issues but has
    instead relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.38");
      script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68925");
      script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68942");
      # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7a6ddbd");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.4.38 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0235");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/25");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);
    
    if (version =~ "^5\.4\.([0-9]|[12][0-9]|3[0-7])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : '+source +
          '\n  Installed version : '+version +
          '\n  Fixed version     : 5.4.38' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-2315.NASL
    description19 Feb 2015, PHP 5.6.6 Core : - Removed support for multi-line headers, as the are deprecated by RFC 7230. (Stas) - Fixed bug #67068 (getClosure returns somethings that
    last seen2020-06-05
    modified2015-02-24
    plugin id81459
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81459
    titleFedora 21 : php-5.6.6-1.fc21 (2015-2315)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-2315.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81459);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_xref(name:"FEDORA", value:"2015-2315");
    
      script_name(english:"Fedora 21 : php-5.6.6-1.fc21 (2015-2315)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "19 Feb 2015, PHP 5.6.6
    
    Core :
    
      - Removed support for multi-line headers, as the are
        deprecated by RFC 7230. (Stas)
    
        - Fixed bug #67068 (getClosure returns somethings that's
          not a closure). (Danack at basereality dot com)
    
        - Fixed bug #68942 (Use after free vulnerability in
          unserialize() with DateTimeZone). (CVE-2015-0273)
          (Stas)
    
        - Fixed bug #68925 (Mitigation for CVE-2015-0235 '
          GHOST: glibc gethostbyname buffer overflow). (Stas)
    
        - Fixed Bug #67988 (htmlspecialchars() does not respect
          default_charset specified by ini_set) (Yasuo)
    
        - Added NULL byte protection to exec, system and
          passthru. (Yasuo)
    
    Dba :
    
      - Fixed bug #68711 (useless comparisons). (bugreports at
        internot dot info)
    
    Enchant :
    
      - Fixed bug #68552 (heap buffer overflow in
        enchant_broker_request_dict()). (Antony)
    
    Fileinfo :
    
      - Fixed bug #68827 (Double free with disabled ZMM).
        (Joshua Rogers)
    
        - Fixed bug #67647 (Bundled libmagic 5.17 does not
          detect quicktime files correctly). (Anatol)
    
        - Fixed bug #68731 (finfo_buffer doesn't extract the
          correct mime with some gifs). (Anatol)
    
    FPM :
    
      - Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
        (Frank Stolle)
    
        - Fixed bug #68571 (core dump when webserver close the
          socket). (redfoxli069 at gmail dot com, Laruence)
    
    LIBXML :
    
      - Fixed bug #64938 (libxml_disable_entity_loader setting
        is shared between threads). (Martin Jansen)
    
    Mysqli :
    
      - Fixed bug #68114 (linker error on some OS X machines
        with fixed width decimal support) (Keyur Govande)
    
        - Fixed bug #68657 (Reading 4 byte floats with Mysqli
          and libmysqlclient has rounding errors) (Keyur
          Govande)
    
    Opcache :
    
      - Fixed bug with try blocks being removed when
        extended_info opcode generation is turned on. (Laruence)
    
    PDO_mysql :
    
      - Fixed bug #68750 (PDOMysql with mysqlnd does not allow
        the usage of named pipes). (steffenb198 at aol dot com)
    
    Phar :
    
      - Fixed bug #68901 (use after free). (bugreports at
        internot dot info)
    
    Pgsql :
    
      - Fixed Bug #65199 (pg_copy_from() modifies input array
        variable) (Yasuo)
    
    Session :
    
      - Fixed bug #68941 (mod_files.sh is a bash-script)
        (bugzilla at ii.nl, Yasuo)
    
        - Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
    
        - Fixed bug #68063 (Empty session IDs do still start
          sessions) (Yasuo)
    
    Sqlite3 :
    
      - Fixed bug #68260 (SQLite3Result::fetchArray declares
        wrong required_num_args). (Julien)
    
    Standard :
    
      - Fixed bug #65272 (flock() out parameter not set
        correctly in windows). (Daniel Lowrey)
    
        - Fixed bug #69033 (Request may get env. variables from
          previous requests if PHP works as FastCGI). (Anatol)
    
    Streams :
    
      - Fixed bug which caused call after final close on streams
        filter. (Bob)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150370.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f7e0c26f"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC21", reference:"php-5.6.6-1.fc21")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-203.NASL
    descriptionphp5 was updated to fix two security issues. These security issues were fixed : - CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150). - CVE-2015-0273: Use after free vulnerability in unserialize() with DateTimeZone (bnc#918768).
    last seen2020-06-05
    modified2015-03-09
    plugin id81691
    published2015-03-09
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81691
    titleopenSUSE Security Update : php5 (openSUSE-2015-203)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-203.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81691);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-9652", "CVE-2015-0273");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2015-203)");
      script_summary(english:"Check for the openSUSE-2015-203 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "php5 was updated to fix two security issues.
    
    These security issues were fixed :
    
      - CVE-2014-9652: Out of bounds read in mconvert()
        (bnc#917150).
    
      - CVE-2015-0273: Use after free vulnerability in
        unserialize() with DateTimeZone (bnc#918768)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=917150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=918768"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-debugsource-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-devel-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-json-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-json-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pear-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-debuginfo-5.4.20-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debugsource-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-devel-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pear-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-debuginfo-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-5.6.1-12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-debuginfo-5.6.1-12.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-004 or 2015-007. It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework - apache_mod_php - ATS - Audio - CFNetwork - CoreGraphics - CoreText - EFI - FontParser - Grand Central Dispatch - ImageIO - IOAcceleratorFamily - Kernel - libarchive - MCX Application Restrictions - OpenGL Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id86829
    published2015-11-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86829
    titleMac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86829);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/14  1:59:36");
    
      script_cve_id(
        "CVE-2015-0235",
        "CVE-2015-0273",
        "CVE-2015-4860",
        "CVE-2015-5924",
        "CVE-2015-5925",
        "CVE-2015-5926",
        "CVE-2015-5927",
        "CVE-2015-5932",
        "CVE-2015-5933",
        "CVE-2015-5934",
        "CVE-2015-5935",
        "CVE-2015-5936",
        "CVE-2015-5937",
        "CVE-2015-5938",
        "CVE-2015-5939",
        "CVE-2015-5940",
        "CVE-2015-5942",
        "CVE-2015-5944",
        "CVE-2015-6834",
        "CVE-2015-6835",
        "CVE-2015-6836",
        "CVE-2015-6837",
        "CVE-2015-6838",
        "CVE-2015-6975",
        "CVE-2015-6976",
        "CVE-2015-6977",
        "CVE-2015-6978",
        "CVE-2015-6984",
        "CVE-2015-6985",
        "CVE-2015-6989",
        "CVE-2015-6991",
        "CVE-2015-6992",
        "CVE-2015-6993",
        "CVE-2015-6996",
        "CVE-2015-7009",
        "CVE-2015-7010",
        "CVE-2015-7016",
        "CVE-2015-7018",
        "CVE-2015-7023",
        "CVE-2015-7035"
      );
      script_bugtraq_id(
        69477,
        72325,
        72701,
        74971,
        76317,
        76644,
        76649,
        76733,
        76734,
        76738,
        77162,
        77263,
        77265,
        77266,
        77270
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-10-21-4");
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)");
      script_summary(english:"Checks for the presence of Security Update 2015-004 and 2015-007.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes multiple
    security vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.9.5 or 10.10.5
    that is missing Security Update 2015-004 or 2015-007. It is,
    therefore, affected by multiple vulnerabilities in the following
    components :
    
      - Accelerate Framework
      - apache_mod_php
      - ATS
      - Audio
      - CFNetwork
      - CoreGraphics
      - CoreText
      - EFI
      - FontParser
      - Grand Central Dispatch
      - ImageIO
      - IOAcceleratorFamily
      - Kernel
      - libarchive
      - MCX Application Restrictions
      - OpenGL
    
    Note that successful exploitation of the most serious issues can
    result in arbitrary code execution.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205375");
      # https://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7e01da3");
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2015-004 / 2015-007 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Compare 2 patch numbers to determine if patch requirements are satisfied.
    # Return true if this patch or a later patch is applied
    # Return false otherwise
    function check_patch(year, number)
    {
      local_var p_split = split(patch, sep:"-");
      local_var p_year  = int( p_split[0]);
      local_var p_num   = int( p_split[1]);
    
      if (year >  p_year) return TRUE;
      else if (year <  p_year) return FALSE;
      else if (number >=  p_num) return TRUE;
      else return FALSE;
    }
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Advisory states that update 2015-004 is available for 10.10.5 and update 2015-007 is available for 10.9.5
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    if (!ereg(pattern:"Mac OS X 10\.(9|10)\.5([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.9.5 or Mac OS X 10.10.5");
    
    if ("10.9.5" >< os) patch = "2015-007";
    else if ("10.10.5" >< os) patch = "2015-004";
    
    packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1);
    sec_boms_report = egrep(pattern:"^com\.apple\.pkg\.update\.security\..*bom$", string:packages);
    sec_boms = split(sec_boms_report, sep:'\n');
    
    foreach package (sec_boms)
    {
      # Grab patch year and number
      match = eregmatch(pattern:"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]", string:package);
      if (empty_or_null(match[1]) || empty_or_null(match[2]))
        continue;
    
      patch_found = check_patch(year:int(match[1]), number:int(match[2]));
      if (patch_found) exit(0, "The host has Security Update " + patch + " or later installed and is therefore not affected.");
    }
    
    report =  '\n  Missing security update : ' + patch;
    report += '\n  Installed security BOMs : ';
    if (sec_boms_report) report += str_replace(find:'\n', replace:'\n                            ', string:sec_boms_report);
    else report += 'n/a';
    report += '\n';
    
    security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201606-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201606-10 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91704
    published2016-06-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91704
    titleGLSA-201606-10 : PHP: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201606-10.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91704);
      script_version("2.3");
      script_cvs_date("Date: 2019/04/11 17:23:06");
    
      script_cve_id("CVE-2013-6501", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804");
      script_xref(name:"GLSA", value:"201606-10");
    
      script_name(english:"GLSA-201606-10 : PHP: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201606-10
    (PHP: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in PHP. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        An attacker can possibly execute arbitrary code or create a Denial of
          Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201606-10"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
          5.4 is now masked in Portage:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
        All PHP 5.5 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
        All PHP 5.6 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev=lang/php-5.6.19'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.6.19", "rge 5.5.33", "rge 5.5.34", "rge 5.5.35", "rge 5.5.36", "rge 5.5.37", "rge 5.5.38"), vulnerable:make_list("lt 5.6.19"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1218.NASL
    descriptionFrom Red Hat Security Advisory 2015:1218 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84659
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84659
    titleOracle Linux 6 : php (ELSA-2015-1218)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1135.NASL
    descriptionFrom Red Hat Security Advisory 2015:1135 : Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84351
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84351
    titleOracle Linux 7 : php (ELSA-2015-1135)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150709_PHP_ON_SL6_X.NASL
    descriptionA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-03-18
    modified2015-07-13
    plugin id84661
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84661
    titleScientific Linux Security Update : php on SL6.x i386/x86_64 (20150709)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_11.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components : - Address Book - AirScan - apache_mod_php - Apple Online Store Kit - AppleEvents - Audio - bash - Certificate Trust Policy - CFNetwork Cookies - CFNetwork FTPProtocol - CFNetwork HTTPProtocol - CFNetwork Proxies - CFNetwork SSL - CoreCrypto - CoreText - Dev Tools - Disk Images - dyld - EFI - Finder - Game Center - Heimdal - ICU - Install Framework Legacy - Intel Graphics Driver - IOAudioFamily - IOGraphics - IOHIDFamily - IOStorageFamily - Kernel - libc - libpthread - libxpc - Login Window - lukemftpd - Mail - Multipeer Connectivity - NetworkExtension - Notes - OpenSSH - OpenSSL - procmail - remote_cmds - removefile - Ruby - Safari - Safari Downloads - Safari Extensions - Safari Safe Browsing - Security - SMB - SQLite - Telephony - Terminal - tidy - Time Machine - WebKit - WebKit CSS - WebKit JavaScript Bindings - WebKit Page Loading - WebKit Plug-ins Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id86270
    published2015-10-05
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86270
    titleMac OS X < 10.11 Multiple Vulnerabilities (GHOST)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-080.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file
    last seen2020-06-01
    modified2020-06-02
    plugin id82333
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82333
    titleMandriva Linux Security Advisory : php (MDVSA-2015:080)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1135.NASL
    descriptionUpdated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84355
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84355
    titleRHEL 7 : php (RHSA-2015:1135)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1135.NASL
    descriptionUpdated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84345
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84345
    titleCentOS 7 : php (CESA-2015:1135)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1638-1.NASL
    descriptionThis update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93161
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93161
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_4.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id84488
    published2015-07-01
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84488
    titleMac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)
  • NASL familyWeb Servers
    NASL idHPSMH_7_5.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id84923
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84923
    titleHP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)
  • NASL familyCGI abuses
    NASL idPHP_5_6_6.NASL
    descriptionAccording to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
    last seen2020-06-01
    modified2020-06-02
    plugin id81512
    published2015-02-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81512
    titlePHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1218.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84660
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84660
    titleRHEL 6 : php (RHSA-2015:1218)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-079.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in php : S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9705). Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-0273). It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-2301). Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331). It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1351). It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1352). The updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. The libzip packages has been patched to address the CVE-2015-2331 flaw. Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.
    last seen2020-06-01
    modified2020-06-02
    plugin id82332
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82332
    titleMandriva Linux Security Advisory : php (MDVSA-2015:079)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2535-1.NASL
    descriptionThomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117) S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9705) Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0273) It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2301). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id81950
    published2015-03-19
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81950
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2535-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-494.NASL
    descriptionA heap-based buffer overflow was found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id82043
    published2015-03-25
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82043
    titleAmazon Linux AMI : php55 (ALAS-2015-494) (GHOST)
  • NASL familyCGI abuses
    NASL idPHP_5_5_22.NASL
    descriptionAccording to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
    last seen2020-06-01
    modified2020-06-02
    plugin id81511
    published2015-02-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81511
    titlePHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP53-150226.NASL
    descriptionphp5 has been updated to fix two security issues : - Out of bounds read in mconvert(). (bnc#917150). (CVE-2014-9652) - Use after free vulnerability in unserialize() with DateTimeZone. (bnc#918768). (CVE-2015-0273)
    last seen2020-06-01
    modified2020-06-02
    plugin id81665
    published2015-03-06
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81665
    titleSuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 10370)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0424-1.NASL
    descriptionphp5 was updated to fix two security issues. These security issues were fixed : - CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150). - CVE-2015-0273: Use after free vulnerability in unserialize() with DateTimeZone (bnc#918768). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119962
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119962
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2015:0424-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-493.NASL
    descriptionA heap-based buffer overflow was found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id81829
    published2015-03-17
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81829
    titleAmazon Linux AMI : php54 (ALAS-2015-493) (GHOST)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150623_PHP_ON_SL7_X.NASL
    descriptionA flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-03-18
    modified2015-06-25
    plugin id84394
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84394
    titleScientific Linux Security Update : php on SL7.x x86_64 (20150623)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3195.NASL
    descriptionMultiple vulnerabilities have been discovered in the PHP language : - CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension (only applicable to 32 bit systems). - CVE-2014-9705 Buffer overflow in the enchant extension. - CVE-2015-0231 Stefan Esser discovered a use-after-free in the unserialisation of objects. - CVE-2015-0232 Alex Eubanks discovered incorrect memory management in the exif extension. - CVE-2015-0273 Use-after-free in the unserialisation of DateTimeZone.
    last seen2020-03-17
    modified2015-03-19
    plugin id81926
    published2015-03-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81926
    titleDebian DSA-3195-1 : php5 - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-2328.NASL
    description19 Feb 2015, PHP 5.5.22 Core : - Fixed bug #67068 (getClosure returns somethings that
    last seen2020-06-05
    modified2015-03-05
    plugin id81612
    published2015-03-05
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81612
    titleFedora 20 : php-5.5.22-1.fc20 (2015-2328)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-005.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id84489
    published2015-07-01
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84489
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_11_1.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework (CVE-2015-5940) - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838) - ATS (CVE-2015-6985) - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003) - Bom (CVE-2015-7006) - CFNetwork (CVE-2015-7023) - configd (CVE-2015-7015) - CoreGraphics (CVE-2015-5925, CVE-2015-5926) - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017) - Directory Utility (CVE-2015-6980) - Disk Images (CVE-2015-6995) - EFI (CVE-2015-7035) - File Bookmark (CVE-2015-6987) - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018) - Grand Central Dispatch (CVE-2015-6989) - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021) - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939) - IOAcceleratorFamily (CVE-2015-6996) - IOHIDFamily (CVE-2015-6974) - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994) - libarchive (CVE-2015-6984) - MCX Application Restrictions (CVE-2015-7016) - Net-SNMP (CVE-2014-3565, CVE-2012-6151) - OpenGL (CVE-2015-5924) - OpenSSH (CVE-2015-6563) - Sandbox (CVE-2015-5945) - Script Editor (CVE-2015-7007) - Security (CVE-2015-6983, CVE-2015-7024) - SecurityAgent (CVE-2015-5943) Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id86654
    published2015-10-29
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86654
    titleMac OS X < 10.11.1 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1218.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84648
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84648
    titleCentOS 6 : php (CESA-2015:1218)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F7A9E415BDCA11E4970C000C292EE6B8.NASL
    descriptionThe PHP Project reports : Use after free vulnerability in unserialize() with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id81559
    published2015-02-27
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81559
    titleFreeBSD : php5 -- multiple vulnerabilities (f7a9e415-bdca-11e4-970c-000c292ee6b8) (GHOST)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1543.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2014-8142) - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4026) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6834) - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4025) - An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.(CVE-2014-3669) - It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-2348) - An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id124996
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124996
    titleEulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1543)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/130471/datetime-uaf.txt
idPACKETSTORM:130471
last seen2016-12-05
published2015-02-20
reporterTaoguang Chen
sourcehttps://packetstormsecurity.com/files/130471/PHP-DateTime-Use-After-Free.html
titlePHP DateTime Use-After-Free

Redhat

advisories
  • rhsa
    idRHSA-2015:1053
  • rhsa
    idRHSA-2015:1066
  • rhsa
    idRHSA-2015:1135
  • rhsa
    idRHSA-2015:1218
rpms
  • php55-0:2.0-1.el6
  • php55-0:2.0-1.el7
  • php55-php-0:5.5.21-2.el6
  • php55-php-0:5.5.21-2.el7
  • php55-php-bcmath-0:5.5.21-2.el6
  • php55-php-bcmath-0:5.5.21-2.el7
  • php55-php-cli-0:5.5.21-2.el6
  • php55-php-cli-0:5.5.21-2.el7
  • php55-php-common-0:5.5.21-2.el6
  • php55-php-common-0:5.5.21-2.el7
  • php55-php-dba-0:5.5.21-2.el6
  • php55-php-dba-0:5.5.21-2.el7
  • php55-php-debuginfo-0:5.5.21-2.el6
  • php55-php-debuginfo-0:5.5.21-2.el7
  • php55-php-devel-0:5.5.21-2.el6
  • php55-php-devel-0:5.5.21-2.el7
  • php55-php-enchant-0:5.5.21-2.el6
  • php55-php-enchant-0:5.5.21-2.el7
  • php55-php-fpm-0:5.5.21-2.el6
  • php55-php-fpm-0:5.5.21-2.el7
  • php55-php-gd-0:5.5.21-2.el6
  • php55-php-gd-0:5.5.21-2.el7
  • php55-php-gmp-0:5.5.21-2.el6
  • php55-php-gmp-0:5.5.21-2.el7
  • php55-php-imap-0:5.5.21-2.el6
  • php55-php-intl-0:5.5.21-2.el6
  • php55-php-intl-0:5.5.21-2.el7
  • php55-php-ldap-0:5.5.21-2.el6
  • php55-php-ldap-0:5.5.21-2.el7
  • php55-php-mbstring-0:5.5.21-2.el6
  • php55-php-mbstring-0:5.5.21-2.el7
  • php55-php-mysqlnd-0:5.5.21-2.el6
  • php55-php-mysqlnd-0:5.5.21-2.el7
  • php55-php-odbc-0:5.5.21-2.el6
  • php55-php-odbc-0:5.5.21-2.el7
  • php55-php-opcache-0:5.5.21-2.el6
  • php55-php-opcache-0:5.5.21-2.el7
  • php55-php-pdo-0:5.5.21-2.el6
  • php55-php-pdo-0:5.5.21-2.el7
  • php55-php-pgsql-0:5.5.21-2.el6
  • php55-php-pgsql-0:5.5.21-2.el7
  • php55-php-process-0:5.5.21-2.el6
  • php55-php-process-0:5.5.21-2.el7
  • php55-php-pspell-0:5.5.21-2.el6
  • php55-php-pspell-0:5.5.21-2.el7
  • php55-php-recode-0:5.5.21-2.el6
  • php55-php-recode-0:5.5.21-2.el7
  • php55-php-snmp-0:5.5.21-2.el6
  • php55-php-snmp-0:5.5.21-2.el7
  • php55-php-soap-0:5.5.21-2.el6
  • php55-php-soap-0:5.5.21-2.el7
  • php55-php-tidy-0:5.5.21-2.el6
  • php55-php-xml-0:5.5.21-2.el6
  • php55-php-xml-0:5.5.21-2.el7
  • php55-php-xmlrpc-0:5.5.21-2.el6
  • php55-php-xmlrpc-0:5.5.21-2.el7
  • php55-runtime-0:2.0-1.el6
  • php55-runtime-0:2.0-1.el7
  • php55-scldevel-0:2.0-1.el6
  • php55-scldevel-0:2.0-1.el7
  • php54-0:2.0-1.el6
  • php54-0:2.0-1.el7
  • php54-php-0:5.4.40-1.el6
  • php54-php-0:5.4.40-1.el7
  • php54-php-bcmath-0:5.4.40-1.el6
  • php54-php-bcmath-0:5.4.40-1.el7
  • php54-php-cli-0:5.4.40-1.el6
  • php54-php-cli-0:5.4.40-1.el7
  • php54-php-common-0:5.4.40-1.el6
  • php54-php-common-0:5.4.40-1.el7
  • php54-php-dba-0:5.4.40-1.el6
  • php54-php-dba-0:5.4.40-1.el7
  • php54-php-debuginfo-0:5.4.40-1.el6
  • php54-php-debuginfo-0:5.4.40-1.el7
  • php54-php-devel-0:5.4.40-1.el6
  • php54-php-devel-0:5.4.40-1.el7
  • php54-php-enchant-0:5.4.40-1.el6
  • php54-php-enchant-0:5.4.40-1.el7
  • php54-php-fpm-0:5.4.40-1.el6
  • php54-php-fpm-0:5.4.40-1.el7
  • php54-php-gd-0:5.4.40-1.el6
  • php54-php-gd-0:5.4.40-1.el7
  • php54-php-imap-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el7
  • php54-php-ldap-0:5.4.40-1.el6
  • php54-php-ldap-0:5.4.40-1.el7
  • php54-php-mbstring-0:5.4.40-1.el6
  • php54-php-mbstring-0:5.4.40-1.el7
  • php54-php-mysqlnd-0:5.4.40-1.el6
  • php54-php-mysqlnd-0:5.4.40-1.el7
  • php54-php-odbc-0:5.4.40-1.el6
  • php54-php-odbc-0:5.4.40-1.el7
  • php54-php-pdo-0:5.4.40-1.el6
  • php54-php-pdo-0:5.4.40-1.el7
  • php54-php-pecl-zendopcache-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-0:7.0.4-3.el7
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el7
  • php54-php-pgsql-0:5.4.40-1.el6
  • php54-php-pgsql-0:5.4.40-1.el7
  • php54-php-process-0:5.4.40-1.el6
  • php54-php-process-0:5.4.40-1.el7
  • php54-php-pspell-0:5.4.40-1.el6
  • php54-php-pspell-0:5.4.40-1.el7
  • php54-php-recode-0:5.4.40-1.el6
  • php54-php-recode-0:5.4.40-1.el7
  • php54-php-snmp-0:5.4.40-1.el6
  • php54-php-snmp-0:5.4.40-1.el7
  • php54-php-soap-0:5.4.40-1.el6
  • php54-php-soap-0:5.4.40-1.el7
  • php54-php-tidy-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el7
  • php54-php-xmlrpc-0:5.4.40-1.el6
  • php54-php-xmlrpc-0:5.4.40-1.el7
  • php54-runtime-0:2.0-1.el6
  • php54-runtime-0:2.0-1.el7
  • php54-scldevel-0:2.0-1.el6
  • php54-scldevel-0:2.0-1.el7
  • php-0:5.4.16-36.ael7b_1
  • php-0:5.4.16-36.el7_1
  • php-bcmath-0:5.4.16-36.ael7b_1
  • php-bcmath-0:5.4.16-36.el7_1
  • php-cli-0:5.4.16-36.ael7b_1
  • php-cli-0:5.4.16-36.el7_1
  • php-common-0:5.4.16-36.ael7b_1
  • php-common-0:5.4.16-36.el7_1
  • php-dba-0:5.4.16-36.ael7b_1
  • php-dba-0:5.4.16-36.el7_1
  • php-debuginfo-0:5.4.16-36.ael7b_1
  • php-debuginfo-0:5.4.16-36.el7_1
  • php-devel-0:5.4.16-36.ael7b_1
  • php-devel-0:5.4.16-36.el7_1
  • php-embedded-0:5.4.16-36.ael7b_1
  • php-embedded-0:5.4.16-36.el7_1
  • php-enchant-0:5.4.16-36.ael7b_1
  • php-enchant-0:5.4.16-36.el7_1
  • php-fpm-0:5.4.16-36.ael7b_1
  • php-fpm-0:5.4.16-36.el7_1
  • php-gd-0:5.4.16-36.ael7b_1
  • php-gd-0:5.4.16-36.el7_1
  • php-intl-0:5.4.16-36.ael7b_1
  • php-intl-0:5.4.16-36.el7_1
  • php-ldap-0:5.4.16-36.ael7b_1
  • php-ldap-0:5.4.16-36.el7_1
  • php-mbstring-0:5.4.16-36.ael7b_1
  • php-mbstring-0:5.4.16-36.el7_1
  • php-mysql-0:5.4.16-36.ael7b_1
  • php-mysql-0:5.4.16-36.el7_1
  • php-mysqlnd-0:5.4.16-36.ael7b_1
  • php-mysqlnd-0:5.4.16-36.el7_1
  • php-odbc-0:5.4.16-36.ael7b_1
  • php-odbc-0:5.4.16-36.el7_1
  • php-pdo-0:5.4.16-36.ael7b_1
  • php-pdo-0:5.4.16-36.el7_1
  • php-pgsql-0:5.4.16-36.ael7b_1
  • php-pgsql-0:5.4.16-36.el7_1
  • php-process-0:5.4.16-36.ael7b_1
  • php-process-0:5.4.16-36.el7_1
  • php-pspell-0:5.4.16-36.ael7b_1
  • php-pspell-0:5.4.16-36.el7_1
  • php-recode-0:5.4.16-36.ael7b_1
  • php-recode-0:5.4.16-36.el7_1
  • php-snmp-0:5.4.16-36.ael7b_1
  • php-snmp-0:5.4.16-36.el7_1
  • php-soap-0:5.4.16-36.ael7b_1
  • php-soap-0:5.4.16-36.el7_1
  • php-xml-0:5.4.16-36.ael7b_1
  • php-xml-0:5.4.16-36.el7_1
  • php-xmlrpc-0:5.4.16-36.ael7b_1
  • php-xmlrpc-0:5.4.16-36.el7_1
  • php-0:5.3.3-46.el6_6
  • php-bcmath-0:5.3.3-46.el6_6
  • php-cli-0:5.3.3-46.el6_6
  • php-common-0:5.3.3-46.el6_6
  • php-dba-0:5.3.3-46.el6_6
  • php-debuginfo-0:5.3.3-46.el6_6
  • php-devel-0:5.3.3-46.el6_6
  • php-embedded-0:5.3.3-46.el6_6
  • php-enchant-0:5.3.3-46.el6_6
  • php-fpm-0:5.3.3-46.el6_6
  • php-gd-0:5.3.3-46.el6_6
  • php-imap-0:5.3.3-46.el6_6
  • php-intl-0:5.3.3-46.el6_6
  • php-ldap-0:5.3.3-46.el6_6
  • php-mbstring-0:5.3.3-46.el6_6
  • php-mysql-0:5.3.3-46.el6_6
  • php-odbc-0:5.3.3-46.el6_6
  • php-pdo-0:5.3.3-46.el6_6
  • php-pgsql-0:5.3.3-46.el6_6
  • php-process-0:5.3.3-46.el6_6
  • php-pspell-0:5.3.3-46.el6_6
  • php-recode-0:5.3.3-46.el6_6
  • php-snmp-0:5.3.3-46.el6_6
  • php-soap-0:5.3.3-46.el6_6
  • php-tidy-0:5.3.3-46.el6_6
  • php-xml-0:5.3.3-46.el6_6
  • php-xmlrpc-0:5.3.3-46.el6_6
  • php-zts-0:5.3.3-46.el6_6

References