Vulnerabilities > CVE-2015-2326 - Out-of-bounds Read vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

nessus

NVD

Published: 2020-01-14

Updated: 2023-01-19

Summary

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

Vulnerable Configurations

Part	Description	Count
Application	Pcre Pcre Pcre 1.00 Pcre Pcre 1.01 Pcre Pcre 1.02 Pcre Pcre 1.03 Pcre Pcre 1.04 Pcre Pcre 1.05 Pcre Pcre 1.06 Pcre Pcre 1.07 Pcre Pcre 1.08 Pcre Pcre 1.09 Pcre Pcre 2.00 Pcre Pcre 2.01 Pcre Pcre 2.02 Pcre Pcre 2.03 Pcre Pcre 2.04 Pcre Pcre 2.05 Pcre Pcre 2.06 Pcre Pcre 2.07 Pcre Pcre 2.08 Pcre Pcre 2.08A Pcre Pcre 3.0 Pcre Pcre 3.1 Pcre Pcre 3.2 Pcre Pcre 3.3 Pcre Pcre 3.4 Pcre Pcre 3.5 Pcre Pcre 3.6 Pcre Pcre 3.7 Pcre Pcre 3.8 Pcre Pcre 3.9 Pcre Pcre 4.0 Pcre Pcre 4.1 Pcre Pcre 4.2 Pcre Pcre 4.3 Pcre Pcre 4.4 Pcre Pcre 4.5 Pcre Pcre 5.0 Pcre Pcre 6.0 Pcre Pcre 6.1 Pcre Pcre 6.2 Pcre Pcre 6.3 Pcre Pcre 6.4 Pcre Pcre 6.5 Pcre Pcre 6.6 Pcre Pcre 6.7 Pcre Pcre 7.0 Pcre Pcre 7.1 Pcre Pcre 7.2 Pcre Pcre 7.3 Pcre Pcre 7.4 Pcre Pcre 7.5 Pcre Pcre 7.6 Pcre Pcre 7.7 Pcre Pcre 7.8 Pcre Pcre 7.9 Pcre Pcre 8.00 Pcre Pcre 8.01 Pcre Pcre 8.02 Pcre Pcre 8.10 Pcre Pcre 8.11 Pcre Pcre 8.12 Pcre Pcre 8.13 Pcre Pcre 8.20 Pcre Pcre 8.21 Pcre Pcre 8.30 Pcre Pcre 8.31 Pcre Pcre 8.32 Pcre Pcre 8.33 Pcre Pcre 8.34 Pcre Pcre 8.35 Pcre Pcre 8.36	71
Application	Mariadb Mariadb Mariadb 10.0.0 Mariadb Mariadb 10.0.1 Mariadb Mariadb 10.0.2 Mariadb Mariadb 10.0.3 Mariadb Mariadb 10.0.4 Mariadb Mariadb 10.0.5 Mariadb Mariadb 10.0.6 Mariadb Mariadb 10.0.7 Mariadb Mariadb 10.0.8 Mariadb Mariadb 10.0.9 Mariadb Mariadb 10.0.10 Mariadb Mariadb 10.0.11 Mariadb Mariadb 10.0.12 Mariadb Mariadb 10.0.13 Mariadb Mariadb 10.0.14 Mariadb Mariadb 10.0.15 Mariadb Mariadb 10.0.16 Mariadb Mariadb 10.0.17	18
Application	Php PHP PHP 5.5.0 PHP PHP 5.5.1 PHP PHP 5.5.2 PHP PHP 5.5.3 PHP PHP 5.5.4 PHP PHP 5.5.5 PHP PHP 5.5.6 PHP PHP 5.5.7 PHP PHP 5.5.8 PHP PHP 5.5.9 PHP PHP 5.5.10 PHP PHP 5.5.11 PHP PHP 5.5.12 PHP PHP 5.5.13 PHP PHP 5.5.14 PHP PHP 5.5.15 PHP PHP 5.5.16 PHP PHP 5.5.17 PHP PHP 5.5.18 PHP PHP 5.5.19 PHP PHP 5.5.20 PHP PHP 5.5.21 PHP PHP 5.5.22 PHP PHP 5.5.23 PHP PHP 5.5.24 PHP PHP 5.5.25 PHP PHP 5.4.0 PHP PHP 5.4.1 PHP PHP 5.4.2 PHP PHP 5.4.3 PHP PHP 5.4.4 PHP PHP 5.4.5 PHP PHP 5.4.6 PHP PHP 5.4.7 PHP PHP 5.4.8 PHP PHP 5.4.9 PHP PHP 5.4.10 PHP PHP 5.4.11 PHP PHP 5.4.12 PHP PHP 5.4.13 PHP PHP 5.4.14 PHP PHP 5.4.15 PHP PHP 5.4.16 PHP PHP 5.4.17 PHP PHP 5.4.18 PHP PHP 5.4.19 PHP PHP 5.4.20 PHP PHP 5.4.21 PHP PHP 5.4.22 PHP PHP 5.4.23 PHP PHP 5.4.24 PHP PHP 5.4.25 PHP PHP 5.4.26 PHP PHP 5.4.27 PHP PHP 5.4.28 PHP PHP 5.4.29 PHP PHP 5.4.30 PHP PHP 5.4.31 PHP PHP 5.4.32 PHP PHP 5.4.33 PHP PHP 5.4.34 PHP PHP 5.4.35 PHP PHP 5.4.36 PHP PHP 5.4.37 PHP PHP 5.4.38 PHP PHP 5.4.39 PHP PHP 5.4.40 PHP PHP 5.6.0 PHP PHP 5.6.1 PHP PHP 5.6.2 PHP PHP 5.6.3 PHP PHP 5.6.4 PHP PHP 5.6.5 PHP PHP 5.6.6 PHP PHP 5.6.7 PHP PHP 5.6.8	241
OS	Opensuse Opensuse Opensuse 13.1 Opensuse Opensuse 13.2	2

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1273-1.NASL
description	This update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] - CVE-2014-8964: heap buffer overflow [bnc#906574] - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] - CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84913
published	2015-07-22
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84913
title	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:1273-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(84913); script_version("2.18"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2014-8964", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0499", "CVE-2015-0501", "CVE-2015-0505", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2568", "CVE-2015-2571", "CVE-2015-2573", "CVE-2015-3152"); script_bugtraq_id(71206, 74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115, 74398, 75174, 75175); script_name(english:"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] - CVE-2014-8964: heap buffer overflow [bnc#906574] - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] - CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=906574" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=919053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=919062" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920865" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=921333" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924663" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924960" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924961" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=934789" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936407" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936408" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936409" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8964/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0433/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0441/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0499/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0501/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0505/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2325/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2326/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2568/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2571/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2573/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3152/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20151273-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?eb0c49d8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 12 : zypper in -t patch SUSE-SLE-WE-12-2015-332=1 SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2015-332=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-332=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-errormessages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/22"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12\|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debugsource-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-errormessages-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debugsource-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-errormessages-10.0.20-18.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb"); }

NASL family	CGI abuses
NASL id	PHP_5_4_41.NASL
description	According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the
last seen	2020-06-01
modified	2020-06-02
plugin id	83517
published	2015-05-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83517
title	PHP 5.4.x < 5.4.41 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(83517); script_version("1.11"); script_cvs_date("Date: 2019/03/27 13:17:50"); script_cve_id( "CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026" ); script_bugtraq_id( 44951, 74700, 74902, 74903, 74904, 75056, 75174, 75175 ); script_name(english:"PHP 5.4.x < 5.4.41 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025) - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-4024) - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.41"); script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.4.41 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4026"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); # Check that it is the correct version of PHP if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version); if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port); if (version =~ "^5\.4\.([0-9]\|[1-3][0-9]\|4[0])($\|[^0-9])") { if (report_verbosity > 0) { report = '\n Version source : '+source + '\n Installed version : '+version + '\n Fixed version : 5.4.41' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2943-1.NASL
description	It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90306
published	2016-04-01
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90306
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : pcre3 vulnerabilities (USN-2943-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2943-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(90306); script_version("2.9"); script_cvs_date("Date: 2019/09/18 12:31:45"); script_cve_id("CVE-2014-9769", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2327", "CVE-2015-2328", "CVE-2015-3210", "CVE-2015-5073", "CVE-2015-8380", "CVE-2015-8381", "CVE-2015-8382", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8387", "CVE-2015-8388", "CVE-2015-8389", "CVE-2015-8390", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8393", "CVE-2015-8394", "CVE-2015-8395", "CVE-2016-1283", "CVE-2016-3191"); script_xref(name:"USN", value:"2943-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : pcre3 vulnerabilities (USN-2943-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2943-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libpcre3 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpcre3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/01"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04\|14\.04\|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libpcre3", pkgver:"8.12-4ubuntu0.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libpcre3", pkgver:"1:8.31-2ubuntu2.2")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libpcre3", pkgver:"2:8.35-7.1ubuntu1.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcre3"); }

NASL family	CGI abuses
NASL id	PHP_5_6_9.NASL
description	According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the
last seen	2020-06-01
modified	2020-06-02
plugin id	83519
published	2015-05-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83519
title	PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(83519); script_version("1.14"); script_cvs_date("Date: 2019/03/27 13:17:50"); script_cve_id( "CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026" ); script_bugtraq_id( 44951, 74700, 74902, 74903, 74904, 75056, 75174, 75175 ); script_name(english:"PHP 5.6.x < 5.6.9 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-4024) - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026) - A NULL pointer dereference flaw exists in the xsl_ext_function_php() function in xsltprocessor.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.9"); script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.6.9 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4026"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); # Check that it is the correct version of PHP if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version); if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port); if (version =~ "^5\.6\.[0-8]($\|[^0-9])") { if (report_verbosity > 0) { report = '\n Version source : '+source + '\n Installed version : '+version + '\n Fixed version : 5.6.9' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-353.NASL
description	The regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues. The following vulnerabilities were fixed : - CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overlow in compile_branch(), potentially allowing the execution of arbitrary code. (boo#924960) - CVE-2015-2326: Specially crafted regular expressions could have caused a heap buffer overlow in pcre_compile2(), potentially allowing the execution of arbitrary code. [boo#924961] - CVE-2014-8964: Specially crafted regular expression could have caused a denial of service (crash) or have other unspecified impact. [boo#906574]
last seen	2020-06-05
modified	2015-05-13
plugin id	83392
published	2015-05-13
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83392
title	openSUSE Security Update : pcre (openSUSE-2015-353)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-353. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(83392); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-8964", "CVE-2015-2325", "CVE-2015-2326"); script_name(english:"openSUSE Security Update : pcre (openSUSE-2015-353)"); script_summary(english:"Check for the openSUSE-2015-353 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues. The following vulnerabilities were fixed : - CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overlow in compile_branch(), potentially allowing the execution of arbitrary code. (boo#924960) - CVE-2015-2326: Specially crafted regular expressions could have caused a heap buffer overlow in pcre_compile2(), potentially allowing the execution of arbitrary code. [boo#924961] - CVE-2014-8964: Specially crafted regular expression could have caused a denial of service (crash) or have other unspecified impact. [boo#906574]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906574" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=924960" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=924961" ); script_set_attribute(attribute:"solution", value:"Update the affected pcre packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcre-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1\|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"libpcre1-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpcre1-debuginfo-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpcre16-0-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpcre16-0-debuginfo-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpcrecpp0-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpcrecpp0-debuginfo-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpcreposix0-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpcreposix0-debuginfo-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcre-debugsource-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcre-devel-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcre-devel-static-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcre-tools-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcre-tools-debuginfo-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre1-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre16-0-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcre16-0-debuginfo-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcrecpp0-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcreposix0-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpcreposix0-debuginfo-32bit-8.37-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcre1-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcre1-debuginfo-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcre16-0-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcre16-0-debuginfo-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcrecpp0-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcrecpp0-debuginfo-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcreposix0-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libpcreposix0-debuginfo-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"pcre-debugsource-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"pcre-devel-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"pcre-devel-static-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"pcre-tools-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"pcre-tools-debuginfo-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre1-32bit-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre16-0-32bit-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcre16-0-debuginfo-32bit-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcrecpp0-32bit-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-32bit-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcreposix0-32bit-8.37-3.5.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpcreposix0-debuginfo-32bit-8.37-3.5.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcre1-32bit / libpcre1 / libpcre1-debuginfo-32bit / etc"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-534.NASL
description	An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	83973
published	2015-06-04
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83973
title	Amazon Linux AMI : php54 (ALAS-2015-534)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2015-534. # include("compat.inc"); if (description) { script_id(83973); script_version("2.4"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"); script_xref(name:"ALAS", value:"2015-534"); script_name(english:"Amazon Linux AMI : php54 (ALAS-2015-534)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021) An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025) It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026) PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325) PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2015-534.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php54' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php54-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-cli-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-common-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-dba-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-devel-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-gd-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-imap-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-intl-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-process-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-recode-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-soap-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-xml-5.4.41-1.69.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.41-1.69.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc"); }

NASL family	CGI abuses
NASL id	PHP_5_4_42.NASL
description	According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.42. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414) - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416) - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the
last seen	2020-06-01
modified	2020-06-02
plugin id	84362
published	2015-06-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84362
title	PHP 5.4.x < 5.4.42 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84362); script_version("1.13"); script_cvs_date("Date: 2019/11/25"); script_cve_id( "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644" ); script_bugtraq_id( 74228, 75174, 75175, 75244, 75290, 75291, 75292 ); script_name(english:"PHP 5.4.x < 5.4.42 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.42. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414) - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416) - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\0' character with a safe file extension, to bypass access restrictions. (CVE-2015-4598) - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642) - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash. (CVE-2015-4644) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.42"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 5.4.42 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4642"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/24"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); # Check that it is the correct version of PHP if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version); if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port); if (version =~ "^5\.4\.([0-9]\|[1-3][0-9]\|4[01])($\|[^0-9])") { if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 5.4.42' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-536.NASL
description	An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	83975
published	2015-06-04
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83975
title	Amazon Linux AMI : php56 (ALAS-2015-536)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2015-536. # include("compat.inc"); if (description) { script_id(83975); script_version("2.4"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"); script_xref(name:"ALAS", value:"2015-536"); script_name(english:"Amazon Linux AMI : php56 (ALAS-2015-536)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021) An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025) It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026) PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325) PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2015-536.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php56' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php56-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-cli-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-common-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dba-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-devel-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gd-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-imap-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-intl-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-process-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-recode-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-soap-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xml-5.6.9-1.112.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.9-1.112.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc"); }

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2015-198-02.NASL
description	New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84830
published	2015-07-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84830
title	Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2015-198-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(84830); script_version("2.14"); script_cvs_date("Date: 2019/01/02 16:37:56"); script_cve_id("CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3152", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"); script_bugtraq_id(74228, 75174, 75175, 75290, 75291, 75292); script_xref(name:"SSA", value:"2015-198-02"); script_name(english:"Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?72457f25" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/17"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.4.43", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.4.43", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.4.43", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.4.43", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.11", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.11", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-563.NASL
description	Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.
last seen	2020-06-01
modified	2020-06-02
plugin id	84625
published	2015-07-09
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84625
title	Amazon Linux AMI : php56 (ALAS-2015-563)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2015-563. # include("compat.inc"); if (description) { script_id(84625); script_version("2.6"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"); script_xref(name:"ALAS", value:"2015-563"); script_name(english:"Amazon Linux AMI : php56 (ALAS-2015-563)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details." ); script_set_attribute( attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.10" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2015-563.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php56' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php56-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-cli-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-common-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dba-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-devel-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gd-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-imap-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-intl-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-process-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-recode-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-soap-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xml-5.6.10-1.115.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.10-1.115.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-479.NASL
description	MariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
last seen	2020-06-05
modified	2015-07-13
plugin id	84658
published	2015-07-13
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84658
title	openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2694-1.NASL
description	Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964) Kai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326) Wen Guanxing discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210) It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS. (CVE-2015-5073). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85122
published	2015-07-30
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85122
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : pcre3 vulnerabilities (USN-2694-1)

NASL family	CGI abuses
NASL id	PHP_5_5_26.NASL
description	According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414) - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416) - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the
last seen	2020-06-01
modified	2020-06-02
plugin id	84363
published	2015-06-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84363
title	PHP 5.5.x < 5.5.26 Multiple Vulnerabilities

NASL family	CGI abuses
NASL id	PHP_5_6_10.NASL
description	According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414) - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415) - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416) - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the
last seen	2020-06-01
modified	2020-06-02
plugin id	84364
published	2015-06-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84364
title	PHP 5.6.x < 5.6.10 Multiple Vulnerabilities

NASL family	Firewalls
NASL id	PFSENSE_SA-15_06.NASL
description	According to its self-reported version number, the remote pfSense install is prior to 2.2.3. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
last seen	2020-06-01
modified	2020-06-02
plugin id	106495
published	2018-01-31
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106495
title	pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)

NASL family	Misc.
NASL id	SECURITYCENTER_PHP_5_4_41.NASL
description	The SecurityCenter application installed on the remote host is affected by multiple vulnerabilities in the bundled version of PHP that is prior to version 5.4.41. It is, therefore, affected by the following vulnerabilities : - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the
last seen	2020-06-01
modified	2020-06-02
plugin id	85566
published	2015-08-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85566
title	Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-562.NASL
description	Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.
last seen	2020-06-01
modified	2020-06-02
plugin id	84624
published	2015-07-09
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84624
title	Amazon Linux AMI : php55 (ALAS-2015-562)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_4A88E3ED00D311E5A072D050996490D0.NASL
description	PCRE development team reports : A pattern such as
last seen	2020-06-01
modified	2020-06-02
plugin id	83795
published	2015-05-26
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83795
title	FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2015-162-02.NASL
description	New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84127
published	2015-06-12
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84127
title	Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)

Redhat

rpms

rh-php56-0:2.3-1.el6
rh-php56-0:2.3-1.el7
rh-php56-php-0:5.6.25-1.el6
rh-php56-php-0:5.6.25-1.el7
rh-php56-php-bcmath-0:5.6.25-1.el6
rh-php56-php-bcmath-0:5.6.25-1.el7
rh-php56-php-cli-0:5.6.25-1.el6
rh-php56-php-cli-0:5.6.25-1.el7
rh-php56-php-common-0:5.6.25-1.el6
rh-php56-php-common-0:5.6.25-1.el7
rh-php56-php-dba-0:5.6.25-1.el6
rh-php56-php-dba-0:5.6.25-1.el7
rh-php56-php-dbg-0:5.6.25-1.el6
rh-php56-php-dbg-0:5.6.25-1.el7
rh-php56-php-debuginfo-0:5.6.25-1.el6
rh-php56-php-debuginfo-0:5.6.25-1.el7
rh-php56-php-devel-0:5.6.25-1.el6
rh-php56-php-devel-0:5.6.25-1.el7
rh-php56-php-embedded-0:5.6.25-1.el6
rh-php56-php-embedded-0:5.6.25-1.el7
rh-php56-php-enchant-0:5.6.25-1.el6
rh-php56-php-enchant-0:5.6.25-1.el7
rh-php56-php-fpm-0:5.6.25-1.el6
rh-php56-php-fpm-0:5.6.25-1.el7
rh-php56-php-gd-0:5.6.25-1.el6
rh-php56-php-gd-0:5.6.25-1.el7
rh-php56-php-gmp-0:5.6.25-1.el6
rh-php56-php-gmp-0:5.6.25-1.el7
rh-php56-php-imap-0:5.6.25-1.el6
rh-php56-php-intl-0:5.6.25-1.el6
rh-php56-php-intl-0:5.6.25-1.el7
rh-php56-php-ldap-0:5.6.25-1.el6
rh-php56-php-ldap-0:5.6.25-1.el7
rh-php56-php-mbstring-0:5.6.25-1.el6
rh-php56-php-mbstring-0:5.6.25-1.el7
rh-php56-php-mysqlnd-0:5.6.25-1.el6
rh-php56-php-mysqlnd-0:5.6.25-1.el7
rh-php56-php-odbc-0:5.6.25-1.el6
rh-php56-php-odbc-0:5.6.25-1.el7
rh-php56-php-opcache-0:5.6.25-1.el6
rh-php56-php-opcache-0:5.6.25-1.el7
rh-php56-php-pdo-0:5.6.25-1.el6
rh-php56-php-pdo-0:5.6.25-1.el7
rh-php56-php-pear-1:1.9.5-4.el6
rh-php56-php-pear-1:1.9.5-4.el7
rh-php56-php-pgsql-0:5.6.25-1.el6
rh-php56-php-pgsql-0:5.6.25-1.el7
rh-php56-php-process-0:5.6.25-1.el6
rh-php56-php-process-0:5.6.25-1.el7
rh-php56-php-pspell-0:5.6.25-1.el6
rh-php56-php-pspell-0:5.6.25-1.el7
rh-php56-php-recode-0:5.6.25-1.el6
rh-php56-php-recode-0:5.6.25-1.el7
rh-php56-php-snmp-0:5.6.25-1.el6
rh-php56-php-snmp-0:5.6.25-1.el7
rh-php56-php-soap-0:5.6.25-1.el6
rh-php56-php-soap-0:5.6.25-1.el7
rh-php56-php-tidy-0:5.6.25-1.el6
rh-php56-php-xml-0:5.6.25-1.el6
rh-php56-php-xml-0:5.6.25-1.el7
rh-php56-php-xmlrpc-0:5.6.25-1.el6
rh-php56-php-xmlrpc-0:5.6.25-1.el7
rh-php56-runtime-0:2.3-1.el6
rh-php56-runtime-0:2.3-1.el7
rh-php56-scldevel-0:2.3-1.el6
rh-php56-scldevel-0:2.3-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References