Vulnerabilities > CVE-2015-2326 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
pcre
opensuse
mariadb
php
CWE-125
nessus

Summary

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

Vulnerable Configurations

Part Description Count
Application
Pcre
72
Application
Mariadb
18
Application
Php
241
OS
Opensuse
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1273-1.NASL
    descriptionThis update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] - CVE-2014-8964: heap buffer overflow [bnc#906574] - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] - CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84913
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84913
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1273-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84913);
      script_version("2.18");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2014-8964", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0499", "CVE-2015-0501", "CVE-2015-0505", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2568", "CVE-2015-2571", "CVE-2015-2573", "CVE-2015-3152");
      script_bugtraq_id(71206, 74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115, 74398, 75174, 75175);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues :
    
      - Logjam attack: mysql uses 512 bit dh groups in SSL
        [bnc#934789]
    
      - CVE-2015-3152: mysql --ssl does not enforce SSL
        [bnc#924663]
    
      - CVE-2014-8964: heap buffer overflow [bnc#906574]
    
      - CVE-2015-2325: heap buffer overflow in compile_branch()
        [bnc#924960]
    
      - CVE-2015-2326: heap buffer overflow in pcre_compile2()
        [bnc#924961]
    
      - CVE-2015-0501: unspecified vulnerability related to
        Server:Compiling (CPU April 2015)
    
      - CVE-2015-2571: unspecified vulnerability related to
        Server:Optimizer (CPU April 2015)
    
      - CVE-2015-0505: unspecified vulnerability related to
        Server:DDL (CPU April 2015)
    
      - CVE-2015-0499: unspecified vulnerability related to
        Server:Federated (CPU April 2015)
    
      - CVE-2015-2568: unspecified vulnerability related to
        Server:Security:Privileges (CPU April 2015)
    
      - CVE-2015-2573: unspecified vulnerability related to
        Server:DDL (CPU April 2015)
    
      - CVE-2015-0433: unspecified vulnerability related to
        Server:InnoDB:DML (CPU April 2015)
    
      - CVE-2015-0441: unspecified vulnerability related to
        Server:Security:Encryption (CPU April 2015)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=906574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=921333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-8964/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0433/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0441/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0499/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0501/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0505/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2325/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2326/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2568/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2571/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2573/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3152/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151273-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?eb0c49d8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12 :
    
    zypper in -t patch SUSE-SLE-WE-12-2015-332=1
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-332=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-332=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-errormessages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/22");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debugsource-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-errormessages-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debugsource-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-errormessages-10.0.20-18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_4_41.NASL
    descriptionAccording to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the
    last seen2020-06-01
    modified2020-06-02
    plugin id83517
    published2015-05-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83517
    titlePHP 5.4.x < 5.4.41 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83517);
      script_version("1.11");
      script_cvs_date("Date: 2019/03/27 13:17:50");
    
      script_cve_id(
        "CVE-2006-7243",
        "CVE-2015-2325",
        "CVE-2015-2326",
        "CVE-2015-4021",
        "CVE-2015-4022",
        "CVE-2015-4024",
        "CVE-2015-4025",
        "CVE-2015-4026"
      );
      script_bugtraq_id(
        44951,
        74700,
        74902,
        74903,
        74904,
        75056,
        75174,
        75175
      );
    
      script_name(english:"PHP 5.4.x < 5.4.41 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP 5.4.x running on the
    remote web server is prior to 5.4.41. It is, therefore, affected by
    multiple vulnerabilities :
    
      - Multiple unspecified flaws in pcrelib.
        (CVE-2015-2325, CVE-2015-2326)
    
      - A flaw in the phar_parse_tarfile function in
        ext/phar/tar.c could allow a denial of service
        via a crafted entry in a tar archive.
        (CVE-2015-4021)
    
      - An integer overflow condition exists in the
        ftp_genlist() function in ftp.c due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to cause a heap-based buffer overflow,
        resulting in a denial of service condition or possible
        remote code execution. (CVE-2015-4022)
    
      - Multiple flaws exist related to using pathnames
        containing NULL bytes. A remote attacker can exploit
        these flaws, by combining the '\0' character with a safe
        file extension, to bypass access restrictions. This had
        been previously fixed but was reintroduced by a
        regression in versions 5.4+. (CVE-2006-7243,
        CVE-2015-4025)
    
      - A flaw exists in the multipart_buffer_headers() function
        in rfc1867.c due to improper handling of
        multipart/form-data in HTTP requests. A remote attacker
        can exploit this flaw to cause a consumption of CPU
        resources, resulting in a denial of service condition.
        (CVE-2015-4024)
    
      - A security bypass vulnerability exists due to a flaw in
        the pcntl_exec implementation that truncates a pathname
        upon encountering the '\x00' character. A remote
        attacker can exploit this, via a crafted first argument,
        to bypass intended extension restrictions and execute
        arbitrary files. (CVE-2015-4026)
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.41");
      script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.4.41 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4026");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/18");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);
    
    if (version =~ "^5\.4\.([0-9]|[1-3][0-9]|4[0])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : '+source +
          '\n  Installed version : '+version +
          '\n  Fixed version     : 5.4.41' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2943-1.NASL
    descriptionIt was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90306
    published2016-04-01
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90306
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : pcre3 vulnerabilities (USN-2943-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2943-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90306);
      script_version("2.9");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2014-9769", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2327", "CVE-2015-2328", "CVE-2015-3210", "CVE-2015-5073", "CVE-2015-8380", "CVE-2015-8381", "CVE-2015-8382", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8387", "CVE-2015-8388", "CVE-2015-8389", "CVE-2015-8390", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8393", "CVE-2015-8394", "CVE-2015-8395", "CVE-2016-1283", "CVE-2016-3191");
      script_xref(name:"USN", value:"2943-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : pcre3 vulnerabilities (USN-2943-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that PCRE incorrectly handled certain regular
    expressions. A remote attacker could use this issue to cause
    applications using PCRE to crash, resulting in a denial of service, or
    possibly execute arbitrary code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2943-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpcre3 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcre3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libpcre3", pkgver:"8.12-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libpcre3", pkgver:"1:8.31-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libpcre3", pkgver:"2:8.35-7.1ubuntu1.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcre3");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_6_9.NASL
    descriptionAccording to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the
    last seen2020-06-01
    modified2020-06-02
    plugin id83519
    published2015-05-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83519
    titlePHP 5.6.x < 5.6.9 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83519);
      script_version("1.14");
      script_cvs_date("Date: 2019/03/27 13:17:50");
    
      script_cve_id(
        "CVE-2006-7243",
        "CVE-2015-2325",
        "CVE-2015-2326",
        "CVE-2015-4021",
        "CVE-2015-4022",
        "CVE-2015-4024",
        "CVE-2015-4025",
        "CVE-2015-4026"
      );
      script_bugtraq_id(
        44951,
        74700,
        74902,
        74903,
        74904,
        75056,
        75174,
        75175
      );
    
      script_name(english:"PHP 5.6.x < 5.6.9 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP 5.6.x running on the
    remote web server is prior to 5.6.9. It is, therefore, affected by
    multiple vulnerabilities :
    
      - Multiple unspecified flaws in pcrelib.
        (CVE-2015-2325, CVE-2015-2326)
    
      - A flaw in the phar_parse_tarfile function in
        ext/phar/tar.c could allow a denial of service
        via a crafted entry in a tar archive.
        (CVE-2015-4021)
    
      - Multiple flaws exist related to using pathnames
        containing NULL bytes. A remote attacker can exploit
        these flaws, by combining the '\0' character with a safe
        file extension, to bypass access restrictions. This had
        been previously fixed but was reintroduced by a
        regression in versions 5.4+. (CVE-2006-7243,
        CVE-2015-4025)
    
      - An integer overflow condition exists in the
        ftp_genlist() function in ftp.c due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to cause a heap-based buffer overflow,
        resulting in a denial of service condition or possible
        remote code execution. (CVE-2015-4022)
    
      - A flaw exists in the multipart_buffer_headers() function
        in rfc1867.c due to improper handling of
        multipart/form-data in HTTP requests. A remote attacker
        can exploit this flaw to cause a consumption of CPU
        resources, resulting in a denial of service condition.
        (CVE-2015-4024)
    
      - A security bypass vulnerability exists due to a flaw in
        the pcntl_exec implementation that truncates a pathname
        upon encountering the '\x00' character. A remote
        attacker can exploit this, via a crafted first argument,
        to bypass intended extension restrictions and execute
        arbitrary files. (CVE-2015-4026)
    
      - A NULL pointer dereference flaw exists in the
        xsl_ext_function_php() function in xsltprocessor.c due
        to improper validation of user-supplied input. A remote
        attacker can exploit this to cause a denial of service
        condition.
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.9");
      script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.6.9 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4026");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/18");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port);
    
    if (version =~ "^5\.6\.[0-8]($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : '+source +
          '\n  Installed version : '+version +
          '\n  Fixed version     : 5.6.9' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-353.NASL
    descriptionThe regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues. The following vulnerabilities were fixed : - CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overlow in compile_branch(), potentially allowing the execution of arbitrary code. (boo#924960) - CVE-2015-2326: Specially crafted regular expressions could have caused a heap buffer overlow in pcre_compile2(), potentially allowing the execution of arbitrary code. [boo#924961] - CVE-2014-8964: Specially crafted regular expression could have caused a denial of service (crash) or have other unspecified impact. [boo#906574]
    last seen2020-06-05
    modified2015-05-13
    plugin id83392
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83392
    titleopenSUSE Security Update : pcre (openSUSE-2015-353)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-353.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83392);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-8964", "CVE-2015-2325", "CVE-2015-2326");
    
      script_name(english:"openSUSE Security Update : pcre (openSUSE-2015-353)");
      script_summary(english:"Check for the openSUSE-2015-353 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The regular expression library pcre was updated to 8.37 to fix three
    security issues and a number of bugs and correctness issues.
    
    The following vulnerabilities were fixed :
    
      - CVE-2015-2325: Specially crafted regular expressions
        could have caused a heap buffer overlow in
        compile_branch(), potentially allowing the execution of
        arbitrary code. (boo#924960)
    
      - CVE-2015-2326: Specially crafted regular expressions
        could have caused a heap buffer overlow in
        pcre_compile2(), potentially allowing the execution of
        arbitrary code. [boo#924961]
    
      - CVE-2014-8964: Specially crafted regular expression
        could have caused a denial of service (crash) or have
        other unspecified impact. [boo#906574]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=924960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=924961"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected pcre packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-devel-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"libpcre1-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpcre1-debuginfo-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpcre16-0-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpcre16-0-debuginfo-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpcrecpp0-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpcrecpp0-debuginfo-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpcreposix0-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpcreposix0-debuginfo-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcre-debugsource-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcre-devel-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcre-devel-static-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcre-tools-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcre-tools-debuginfo-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre1-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre16-0-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre16-0-debuginfo-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcrecpp0-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcreposix0-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcreposix0-debuginfo-32bit-8.37-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcre1-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcre1-debuginfo-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcre16-0-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcre16-0-debuginfo-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcrecpp0-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcrecpp0-debuginfo-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcreposix0-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpcreposix0-debuginfo-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"pcre-debugsource-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"pcre-devel-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"pcre-devel-static-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"pcre-tools-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"pcre-tools-debuginfo-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre1-32bit-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre16-0-32bit-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre16-0-debuginfo-32bit-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcrecpp0-32bit-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-32bit-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcreposix0-32bit-8.37-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcreposix0-debuginfo-32bit-8.37-3.5.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcre1-32bit / libpcre1 / libpcre1-debuginfo-32bit / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-534.NASL
    descriptionAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id83973
    published2015-06-04
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83973
    titleAmazon Linux AMI : php54 (ALAS-2015-534)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2015-534.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83973);
      script_version("2.4");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026");
      script_xref(name:"ALAS", value:"2015-534");
    
      script_name(english:"Amazon Linux AMI : php54 (ALAS-2015-534)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An integer underflow flaw leading to out-of-bounds memory access was
    found in the way PHP's Phar extension parsed Phar archives. A
    specially crafted archive could cause PHP to crash or, possibly,
    execute arbitrary code when opened. (CVE-2015-4021)
    
    An integer overflow flaw leading to a heap based buffer overflow was
    found in the way PHP's FTP extension parsed file listing FTP server
    responses. A malicious FTP server could use this flaw to cause a PHP
    application to crash or, possibly, execute arbitrary code.
    (CVE-2015-4022)
    
    A flaw was found in the way PHP parsed multipart HTTP POST requests. A
    specially crafted request could cause PHP to use an excessive amount
    of CPU time. (CVE-2015-4024)
    
    It was found that certain PHP functions did not properly handle file
    names containing a NULL character. A remote attacker could possibly
    use this flaw to make a PHP script access unexpected files and bypass
    intended file system access restrictions. (CVE-2015-4025)
    
    It was found that certain PHP functions did not properly handle file
    names containing a NULL character. A remote attacker could possibly
    use this flaw to make a PHP script access unexpected files and bypass
    intended file system access restrictions. (CVE-2015-4026)
    
    PCRE library is prone to a heap overflow vulnerability. Due to
    insufficient bounds checking inside compile_branch(), the heap memory
    could be overflowed via a crafted regular expression. Since PCRE
    library is widely used, this vulnerability should affect many
    applications using it. An attacker may exploit this issue to execute
    arbitrary code in the context of the user running the affected
    application. (CVE-2015-2325)
    
    PCRE library is prone to a vulnerability which leads to Heap overflow.
    Without enough bound checking inside pcre_compile2(), the heap memory
    could be overflowed via a crafted regular expression. Since PCRE
    library is widely used, this vulnerability should affect many
    applications. An attacker may exploit this issue to execute arbitrary
    code in the context of the user running the affected application.
    (CVE-2015-2326)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2015-534.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php54' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php54-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-cli-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-common-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-dba-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-devel-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-gd-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-imap-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-intl-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-process-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-recode-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-soap-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-xml-5.4.41-1.69.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.41-1.69.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_4_42.NASL
    descriptionAccording to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.42. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414) - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416) - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the
    last seen2020-06-01
    modified2020-06-02
    plugin id84362
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84362
    titlePHP 5.4.x < 5.4.42 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84362);
      script_version("1.13");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2015-2325",
        "CVE-2015-2326",
        "CVE-2015-3414",
        "CVE-2015-3415",
        "CVE-2015-3416",
        "CVE-2015-4598",
        "CVE-2015-4642",
        "CVE-2015-4643",
        "CVE-2015-4644"
      );
      script_bugtraq_id(
        74228,
        75174,
        75175,
        75244,
        75290,
        75291,
        75292
      );
    
      script_name(english:"PHP 5.4.x < 5.4.42 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP 5.4.x running on the
    remote web server is prior to 5.4.42. It is, therefore, affected by
    multiple vulnerabilities :
    
      - Multiple heap buffer overflow conditions exist in the
        bundled Perl-Compatible Regular Expression (PCRE)
        library due to improper validation of user-supplied
        input to the compile_branch() and pcre_compile2()
        functions. A remote attacker can exploit these
        conditions to cause a heap-based buffer overflow,
        resulting in a denial of service condition or the
        execution of arbitrary code. (CVE-2015-2325,
        CVE-2015-2326)
    
      - A denial of service vulnerability exists in the bundled
        SQLite component due to improper handling of quotes
        in collation sequence names. A remote attacker can
        exploit this to cause uninitialized memory access,
        resulting in denial of service condition.
        (CVE-2015-3414)
    
      - A denial of service vulnerability exists in the bundled
        SQLite component due to an improper implementation of
        comparison operators in the sqlite3VdbeExec() function
        in vdbe.c. A remote attacker can exploit this to cause
        an invalid free operation, resulting in a denial of
        service condition. (CVE-2015-3415)
    
      - A denial of service vulnerability exists in the bundled
        SQLite component due to improper handling of precision
        and width values during floating-point conversions in
        the sqlite3VXPrintf() function in printf.c. A remote
        attacker can exploit this to cause a stack-based buffer
        overflow, resulting in a denial of service condition or
        the execution of arbitrary code. (CVE-2015-3416)
    
      - A security bypass vulnerability exists due to a failure
        in multiple extensions to check for NULL bytes in a path
        when processing or reading a file. A remote attacker can
        exploit this, by combining the '\0' character with a
        safe file extension, to bypass access restrictions.
        (CVE-2015-4598)
    
      - An arbitrary command injection vulnerability exists due
        to a flaw in the php_escape_shell_arg() function in
        exec.c. A remote attacker can exploit this, via the
        escapeshellarg() PHP method, to inject arbitrary
        operating system commands. (CVE-2015-4642)
    
      - A heap buffer overflow condition exists in the
        ftp_genlist() function in ftp.c. due to improper
        validation of user-supplied input. A remote attacker
        can exploit this to cause a denial of service condition
        or the execution of arbitrary code. (CVE-2015-4643)
        
      - A denial of service vulnerability exists due to a NULL
        pointer dereference flaw in the build_tablename()
        function in pgsql.c. An authenticated, remote attacker
        can exploit this to cause an application crash.
        (CVE-2015-4644)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.42");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.4.42 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4642");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/24");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);
    
    if (version =~ "^5\.4\.([0-9]|[1-3][0-9]|4[01])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 5.4.42' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-536.NASL
    descriptionAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id83975
    published2015-06-04
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83975
    titleAmazon Linux AMI : php56 (ALAS-2015-536)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2015-536.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83975);
      script_version("2.4");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026");
      script_xref(name:"ALAS", value:"2015-536");
    
      script_name(english:"Amazon Linux AMI : php56 (ALAS-2015-536)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An integer underflow flaw leading to out-of-bounds memory access was
    found in the way PHP's Phar extension parsed Phar archives. A
    specially crafted archive could cause PHP to crash or, possibly,
    execute arbitrary code when opened. (CVE-2015-4021)
    
    An integer overflow flaw leading to a heap based buffer overflow was
    found in the way PHP's FTP extension parsed file listing FTP server
    responses. A malicious FTP server could use this flaw to cause a PHP
    application to crash or, possibly, execute arbitrary code.
    (CVE-2015-4022)
    
    A flaw was found in the way PHP parsed multipart HTTP POST requests. A
    specially crafted request could cause PHP to use an excessive amount
    of CPU time. (CVE-2015-4024)
    
    It was found that certain PHP functions did not properly handle file
    names containing a NULL character. A remote attacker could possibly
    use this flaw to make a PHP script access unexpected files and bypass
    intended file system access restrictions. (CVE-2015-4025)
    
    It was found that certain PHP functions did not properly handle file
    names containing a NULL character. A remote attacker could possibly
    use this flaw to make a PHP script access unexpected files and bypass
    intended file system access restrictions. (CVE-2015-4026)
    
    PCRE library is prone to a heap overflow vulnerability. Due to
    insufficient bounds checking inside compile_branch(), the heap memory
    could be overflowed via a crafted regular expression. Since PCRE
    library is widely used, this vulnerability should affect many
    applications using it. An attacker may exploit this issue to execute
    arbitrary code in the context of the user running the affected
    application. (CVE-2015-2325)
    
    PCRE library is prone to a vulnerability which leads to Heap overflow.
    Without enough bound checking inside pcre_compile2(), the heap memory
    could be overflowed via a crafted regular expression. Since PCRE
    library is widely used, this vulnerability should affect many
    applications. An attacker may exploit this issue to execute arbitrary
    code in the context of the user running the affected application.
    (CVE-2015-2326)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2015-536.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php56' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php56-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-cli-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-common-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dba-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-devel-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gd-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-imap-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-intl-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-process-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-recode-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-soap-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xml-5.6.9-1.112.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.9-1.112.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-198-02.NASL
    descriptionNew php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84830
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84830
    titleSlackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2015-198-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84830);
      script_version("2.14");
      script_cvs_date("Date: 2019/01/02 16:37:56");
    
      script_cve_id("CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3152", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644");
      script_bugtraq_id(74228, 75174, 75175, 75290, 75291, 75292);
      script_xref(name:"SSA", value:"2015-198-02");
    
      script_name(english:"Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New php packages are available for Slackware 14.0, 14.1, and -current
    to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?72457f25"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/17");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.4.43", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.4.43", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.4.43", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.4.43", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.11", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.11", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-563.NASL
    descriptionUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.
    last seen2020-06-01
    modified2020-06-02
    plugin id84625
    published2015-07-09
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84625
    titleAmazon Linux AMI : php56 (ALAS-2015-563)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2015-563.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84625);
      script_version("2.6");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644");
      script_xref(name:"ALAS", value:"2015-563");
    
      script_name(english:"Amazon Linux AMI : php56 (ALAS-2015-563)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Upstream reports that several bugs have been fixed as well as several
    security issues into some bundled libraries (CVE-2015-3414 ,
    CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All
    PHP 5.6 users are encouraged to upgrade to this version. Please see
    the upstream release notes for full details."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://php.net/ChangeLog-5.php#5.6.10"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2015-563.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php56' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php56-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-cli-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-common-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dba-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-devel-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gd-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-imap-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-intl-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-process-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-recode-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-soap-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xml-5.6.10-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.10-1.115.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-479.NASL
    descriptionMariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
    last seen2020-06-05
    modified2015-07-13
    plugin id84658
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84658
    titleopenSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2694-1.NASL
    descriptionMichele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964) Kai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326) Wen Guanxing discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210) It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS. (CVE-2015-5073). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id85122
    published2015-07-30
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85122
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : pcre3 vulnerabilities (USN-2694-1)
  • NASL familyCGI abuses
    NASL idPHP_5_5_26.NASL
    descriptionAccording to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414) - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416) - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the
    last seen2020-06-01
    modified2020-06-02
    plugin id84363
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84363
    titlePHP 5.5.x < 5.5.26 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idPHP_5_6_10.NASL
    descriptionAccording to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414) - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416) - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the
    last seen2020-06-01
    modified2020-06-02
    plugin id84364
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84364
    titlePHP 5.6.x < 5.6.10 Multiple Vulnerabilities
  • NASL familyFirewalls
    NASL idPFSENSE_SA-15_06.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is prior to 2.2.3. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-06-01
    modified2020-06-02
    plugin id106495
    published2018-01-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106495
    titlepfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)
  • NASL familyMisc.
    NASL idSECURITYCENTER_PHP_5_4_41.NASL
    descriptionThe SecurityCenter application installed on the remote host is affected by multiple vulnerabilities in the bundled version of PHP that is prior to version 5.4.41. It is, therefore, affected by the following vulnerabilities : - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the
    last seen2020-06-01
    modified2020-06-02
    plugin id85566
    published2015-08-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85566
    titleTenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-562.NASL
    descriptionUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.
    last seen2020-06-01
    modified2020-06-02
    plugin id84624
    published2015-07-09
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84624
    titleAmazon Linux AMI : php55 (ALAS-2015-562)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4A88E3ED00D311E5A072D050996490D0.NASL
    descriptionPCRE development team reports : A pattern such as
    last seen2020-06-01
    modified2020-06-02
    plugin id83795
    published2015-05-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83795
    titleFreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-162-02.NASL
    descriptionNew php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84127
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84127
    titleSlackware 14.0 / 14.1 / current : php (SSA:2015-162-02)

Redhat

rpms
  • rh-php56-0:2.3-1.el6
  • rh-php56-0:2.3-1.el7
  • rh-php56-php-0:5.6.25-1.el6
  • rh-php56-php-0:5.6.25-1.el7
  • rh-php56-php-bcmath-0:5.6.25-1.el6
  • rh-php56-php-bcmath-0:5.6.25-1.el7
  • rh-php56-php-cli-0:5.6.25-1.el6
  • rh-php56-php-cli-0:5.6.25-1.el7
  • rh-php56-php-common-0:5.6.25-1.el6
  • rh-php56-php-common-0:5.6.25-1.el7
  • rh-php56-php-dba-0:5.6.25-1.el6
  • rh-php56-php-dba-0:5.6.25-1.el7
  • rh-php56-php-dbg-0:5.6.25-1.el6
  • rh-php56-php-dbg-0:5.6.25-1.el7
  • rh-php56-php-debuginfo-0:5.6.25-1.el6
  • rh-php56-php-debuginfo-0:5.6.25-1.el7
  • rh-php56-php-devel-0:5.6.25-1.el6
  • rh-php56-php-devel-0:5.6.25-1.el7
  • rh-php56-php-embedded-0:5.6.25-1.el6
  • rh-php56-php-embedded-0:5.6.25-1.el7
  • rh-php56-php-enchant-0:5.6.25-1.el6
  • rh-php56-php-enchant-0:5.6.25-1.el7
  • rh-php56-php-fpm-0:5.6.25-1.el6
  • rh-php56-php-fpm-0:5.6.25-1.el7
  • rh-php56-php-gd-0:5.6.25-1.el6
  • rh-php56-php-gd-0:5.6.25-1.el7
  • rh-php56-php-gmp-0:5.6.25-1.el6
  • rh-php56-php-gmp-0:5.6.25-1.el7
  • rh-php56-php-imap-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el7
  • rh-php56-php-ldap-0:5.6.25-1.el6
  • rh-php56-php-ldap-0:5.6.25-1.el7
  • rh-php56-php-mbstring-0:5.6.25-1.el6
  • rh-php56-php-mbstring-0:5.6.25-1.el7
  • rh-php56-php-mysqlnd-0:5.6.25-1.el6
  • rh-php56-php-mysqlnd-0:5.6.25-1.el7
  • rh-php56-php-odbc-0:5.6.25-1.el6
  • rh-php56-php-odbc-0:5.6.25-1.el7
  • rh-php56-php-opcache-0:5.6.25-1.el6
  • rh-php56-php-opcache-0:5.6.25-1.el7
  • rh-php56-php-pdo-0:5.6.25-1.el6
  • rh-php56-php-pdo-0:5.6.25-1.el7
  • rh-php56-php-pear-1:1.9.5-4.el6
  • rh-php56-php-pear-1:1.9.5-4.el7
  • rh-php56-php-pgsql-0:5.6.25-1.el6
  • rh-php56-php-pgsql-0:5.6.25-1.el7
  • rh-php56-php-process-0:5.6.25-1.el6
  • rh-php56-php-process-0:5.6.25-1.el7
  • rh-php56-php-pspell-0:5.6.25-1.el6
  • rh-php56-php-pspell-0:5.6.25-1.el7
  • rh-php56-php-recode-0:5.6.25-1.el6
  • rh-php56-php-recode-0:5.6.25-1.el7
  • rh-php56-php-snmp-0:5.6.25-1.el6
  • rh-php56-php-snmp-0:5.6.25-1.el7
  • rh-php56-php-soap-0:5.6.25-1.el6
  • rh-php56-php-soap-0:5.6.25-1.el7
  • rh-php56-php-tidy-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el7
  • rh-php56-php-xmlrpc-0:5.6.25-1.el6
  • rh-php56-php-xmlrpc-0:5.6.25-1.el7
  • rh-php56-runtime-0:2.3-1.el6
  • rh-php56-runtime-0:2.3-1.el7
  • rh-php56-scldevel-0:2.3-1.el6
  • rh-php56-scldevel-0:2.3-1.el7