Vulnerabilities > CVE-2015-4644

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2658-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84563);
  script_version("2.10");
  script_cvs_date("Date: 2019/09/18 12:31:44");

  script_cve_id("CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644");
  script_bugtraq_id(73357, 74413, 74700, 74902, 74903, 74904, 75056, 75103, 75233, 75241, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292);
  script_xref(name:"USN", value:"2658-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Neal Poole and Tomas Hoger discovered that PHP incorrectly handled
NULL bytes in file paths. A remote attacker could possibly use this
issue to bypass intended restrictions and create or obtain access to
sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025,
CVE-2015-4026, CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly
handled filenames starting with a NULL byte. A remote attacker could
use this issue with a crafted tar archive to cause a denial of
service. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command
when connecting to remote FTP servers. A malicious FTP server could
possibly use this issue to execute arbitrary code. (CVE-2015-4022,
CVE-2015-4643)

Shusheng Liu discovered that PHP incorrectly handled certain malformed
form data. A remote attacker could use this issue with crafted form
data to cause CPU consumption, leading to a denial of service.
(CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly
validated data types. A remote attacker could use this issue with
crafted serialized data to possibly execute arbitrary code.
(CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly
validated that the uri property is a string. A remote attacker could
use this issue with crafted serialized data to possibly obtain
sensitive information. (CVE-2015-4148)

Taoguang Chen discovered that PHP incorrectly validated data types in
multiple locations. A remote attacker could possibly use these issues
to obtain sensitive information or cause a denial of service.
(CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
CVE-2015-4603)

It was discovered that the PHP Fileinfo component incorrectly handled
certain files. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. This issue only affected
Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605)

It was discovered that PHP incorrectly handled table names in
php_pgsql_meta_data. A local attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2015-4644).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2658-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|14\.10|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10 / 15.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"libapache2-mod-php5", pkgver:"5.3.10-1ubuntu3.19")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"php5-cgi", pkgver:"5.3.10-1ubuntu3.19")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"php5-cli", pkgver:"5.3.10-1ubuntu3.19")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"php5-fpm", pkgver:"5.3.10-1ubuntu3.19")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"libapache2-mod-php5", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"php5-cgi", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"php5-cli", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"php5-fpm", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"libapache2-mod-php5", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"php5-cgi", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"php5-cli", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"php5-fpm", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"libapache2-mod-php5", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"php5-cgi", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"php5-cli", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"php5-fpm", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(84326);
  script_version("2.8");
  script_cvs_date("Date: 2018/12/19 13:21:18");

  script_cve_id("CVE-2015-4643", "CVE-2015-4644");

  script_name(english:"FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The PHP project reports :

DOM and GD :

- Fixed bug #69719 (Incorrect handling of paths with NULs).

FTP :

- Improved fix for bug #69545 (Integer overflow in ftp_genlist()
resulting in heap overflow). (CVE-2015-4643)

Postgres :

- Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net/ChangeLog-5.php#5.4.42"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net/ChangeLog-5.php#5.5.26"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net/ChangeLog-5.php#5.6.10"
  );
  # http://openwall.com/lists/oss-security/2015/06/18/3
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openwall.com/lists/oss-security/2015/06/18/3"
  );
  # https://vuxml.freebsd.org/freebsd/cdff0af2-1492-11e5-a1cf-002590263bf5.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0a8cf05d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php56-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php56-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php56-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php56-psql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"php5-dom<5.4.42")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php5-ftp<5.4.42")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php5-gd<5.4.42")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php5-pgsql<5.4.42")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php55-dom<5.5.26")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php55-ftp<5.5.26")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php55-gd<5.5.26")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php55-pgsql<5.5.26")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php56-dom<5.6.10")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php56-ftp<5.6.10")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php56-gd<5.6.10")) flag++;
if (pkg_test(save_report:TRUE, pkg:"php56-psql<5.6.10")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201606-10.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(91704);
  script_version("2.3");
  script_cvs_date("Date: 2019/04/11 17:23:06");

  script_cve_id("CVE-2013-6501", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804");
  script_xref(name:"GLSA", value:"201606-10");

  script_name(english:"GLSA-201606-10 : PHP: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201606-10
(PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the
      CVE identifiers referenced below for details.
  
Impact :

    An attacker can possibly execute arbitrary code or create a Denial of
      Service condition.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201606-10"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
      5.4 is now masked in Portage:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
    All PHP 5.5 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
    All PHP 5.6 users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev=lang/php-5.6.19'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.6.19", "rge 5.5.33", "rge 5.5.34", "rge 5.5.35", "rge 5.5.36", "rge 5.5.37", "rge 5.5.38"), vulnerable:make_list("lt 5.6.19"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:1638-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(93161);
  script_version("2.8");
  script_cvs_date("Date: 2019/09/11 11:22:13");

  script_cve_id("CVE-2004-1019", "CVE-2006-7243", "CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3597", "CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-4049", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721", "CVE-2014-5459", "CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2014-9767", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3152", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4116", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-5161", "CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-8835", "CVE-2015-8838", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8879", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5114");
  script_bugtraq_id(44951, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423, 68511, 68513, 69322, 69388, 70611, 70665, 70666, 71791, 71932, 72505, 72539, 72541, 72611, 72701, 73031, 73037, 73306, 73431, 74239, 74240, 74398, 74413, 74700, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292, 75970, 75974);

  script_name(english:"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php53 to version 5.3.17 fixes the following issues :

These security issues were fixed :

  - CVE-2016-5093: get_icu_value_internal out-of-bounds read
    (bnc#982010).

  - CVE-2016-5094: Don't create strings with lengths outside
    int range (bnc#982011).

  - CVE-2016-5095: Don't create strings with lengths outside
    int range (bnc#982012).

  - CVE-2016-5096: int/size_t confusion in fread
    (bsc#982013).

  - CVE-2016-5114: fpm_log.c memory leak and buffer overflow
    (bnc#982162).

  - CVE-2015-8879: The odbc_bindcols function in
    ext/odbc/php_odbc.c in PHP mishandles driver behavior
    for SQL_WVARCHAR columns, which allowed remote attackers
    to cause a denial of service (application crash) in
    opportunistic circumstances by leveraging use of the
    odbc_fetch_array function to access a certain type of
    Microsoft SQL Server table (bsc#981050).

  - CVE-2015-4116: Use-after-free vulnerability in the
    spl_ptr_heap_insert function in ext/spl/spl_heap.c in
    PHP allowed remote attackers to execute arbitrary code
    by triggering a failed SplMinHeap::compare operation
    (bsc#980366).

  - CVE-2015-8874: Stack consumption vulnerability in GD in
    PHP allowed remote attackers to cause a denial of
    service via a crafted imagefilltoborder call
    (bsc#980375).

  - CVE-2015-8873: Stack consumption vulnerability in
    Zend/zend_exceptions.c in PHP allowed remote attackers
    to cause a denial of service (segmentation fault) via
    recursive method calls (bsc#980373).

  - CVE-2016-4540: The grapheme_stripos function in
    ext/intl/grapheme/grapheme_string.c in PHP allowed
    remote attackers to cause a denial of service
    (out-of-bounds read) or possibly have unspecified other
    impact via a negative offset (bsc#978829).

  - CVE-2016-4541: The grapheme_strpos function in
    ext/intl/grapheme/grapheme_string.c in PHP allowed
    remote attackers to cause a denial of service
    (out-of-bounds read) or possibly have unspecified other
    impact via a negative offset (bsc#978829.

  - CVE-2016-4542: The exif_process_IFD_TAG function in
    ext/exif/exif.c in PHP did not properly construct
    spprintf arguments, which allowed remote attackers to
    cause a denial of service (out-of-bounds read) or
    possibly have unspecified other impact via crafted
    header data (bsc#978830).

  - CVE-2016-4543: The exif_process_IFD_in_JPEG function in
    ext/exif/exif.c in PHP did not validate IFD sizes, which
    allowed remote attackers to cause a denial of service
    (out-of-bounds read) or possibly have unspecified other
    impact via crafted header data (bsc#978830.

  - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in
    ext/exif/exif.c in PHP did not validate TIFF start data,
    which allowed remote attackers to cause a denial of
    service (out-of-bounds read) or possibly have
    unspecified other impact via crafted header data
    (bsc#978830.

  - CVE-2016-4537: The bcpowmod function in
    ext/bcmath/bcmath.c in PHP accepted a negative integer
    for the scale argument, which allowed remote attackers
    to cause a denial of service or possibly have
    unspecified other impact via a crafted call
    (bsc#978827).

  - CVE-2016-4538: The bcpowmod function in
    ext/bcmath/bcmath.c in PHP modified certain data
    structures without considering whether they are copies
    of the _zero_, _one_, or _two_ global variable, which
    allowed remote attackers to cause a denial of service or
    possibly have unspecified other impact via a crafted
    call (bsc#978827).

  - CVE-2016-4539: The xml_parse_into_struct function in
    ext/xml/xml.c in PHP allowed remote attackers to cause a
    denial of service (buffer under-read and segmentation
    fault) or possibly have unspecified other impact via
    crafted XML data in the second argument, leading to a
    parser level of zero (bsc#978828).

  - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles
    zero-length uncompressed data, which allowed remote
    attackers to cause a denial of service (heap memory
    corruption) or possibly have unspecified other impact
    via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive
    (bsc#977991).

  - CVE-2016-4346: Integer overflow in the str_pad function
    in ext/standard/string.c in PHP allowed remote attackers
    to cause a denial of service or possibly have
    unspecified other impact via a long string, leading to a
    heap-based buffer overflow (bsc#977994).

  - CVE-2016-4073: Multiple integer overflows in the
    mbfl_strcut function in
    ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed
    remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code
    via a crafted mb_strcut call (bsc#977003).

  - CVE-2015-8867: The openssl_random_pseudo_bytes function
    in ext/openssl/openssl.c in PHP incorrectly relied on
    the deprecated RAND_pseudo_bytes function, which made it
    easier for remote attackers to defeat cryptographic
    protection mechanisms via unspecified vectors
    (bsc#977005).

  - CVE-2016-4070: Integer overflow in the
    php_raw_url_encode function in ext/standard/url.c in PHP
    allowed remote attackers to cause a denial of service
    (application crash) via a long string to the
    rawurlencode function (bsc#976997).

  - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM
    is used, did not isolate each thread from
    libxml_disable_entity_loader changes in other threads,
    which allowed remote attackers to conduct XML External
    Entity (XXE) and XML Entity Expansion (XEE) attacks via
    a crafted XML document, a related issue to CVE-2015-5161
    (bsc#976996).

  - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a
    client SSL option to mean that SSL is optional, which
    allowed man-in-the-middle attackers to spoof servers via
    a cleartext-downgrade attack, a related issue to
    CVE-2015-3152 (bsc#973792).

  - CVE-2015-8835: The make_http_soap_request function in
    ext/soap/php_http.c in PHP did not properly retrieve
    keys, which allowed remote attackers to cause a denial
    of service (NULL pointer dereference, type confusion,
    and application crash) or possibly execute arbitrary
    code via crafted serialized data representing a
    numerically indexed _cookies array, related to the
    SoapClient::__call method in ext/soap/soap.c
    (bsc#973351).

  - CVE-2016-3141: Use-after-free vulnerability in wddx.c in
    the WDDX extension in PHP allowed remote attackers to
    cause a denial of service (memory corruption and
    application crash) or possibly have unspecified other
    impact by triggering a wddx_deserialize call on XML data
    containing a crafted var element (bsc#969821).

  - CVE-2016-3142: The phar_parse_zipfile function in zip.c
    in the PHAR extension in PHP allowed remote attackers to
    obtain sensitive information from process memory or
    cause a denial of service (out-of-bounds read and
    application crash) by placing a PK\x05\x06 signature at
    an invalid location (bsc#971912).

  - CVE-2014-9767: Directory traversal vulnerability in the
    ZipArchive::extractTo function in ext/zip/php_zip.c in
    PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers
    to create arbitrary empty directories via a crafted ZIP
    archive (bsc#971612).

  - CVE-2016-3185: The make_http_soap_request function in
    ext/soap/php_http.c in PHP allowed remote attackers to
    obtain sensitive information from process memory or
    cause a denial of service (type confusion and
    application crash) via crafted serialized _cookies data,
    related to the SoapClient::__call method in
    ext/soap/soap.c (bsc#971611).

  - CVE-2016-2554: Stack-based buffer overflow in
    ext/phar/tar.c in PHP allowed remote attackers to cause
    a denial of service (application crash) or possibly have
    unspecified other impact via a crafted TAR archive
    (bsc#968284).

  - CVE-2015-7803: The phar_get_entry_data function in
    ext/phar/util.c in PHP allowed remote attackers to cause
    a denial of service (NULL pointer dereference and
    application crash) via a .phar file with a crafted TAR
    archive entry in which the Link indicator references a
    file that did not exist (bsc#949961).

  - CVE-2015-6831: Multiple use-after-free vulnerabilities
    in SPL in PHP allowed remote attackers to execute
    arbitrary code via vectors involving (1) ArrayObject,
    (2) SplObjectStorage, and (3) SplDoublyLinkedList, which
    are mishandled during unserialization (bsc#942291).

  - CVE-2015-6833: Directory traversal vulnerability in the
    PharData class in PHP allowed remote attackers to write
    to arbitrary files via a .. (dot dot) in a ZIP archive
    entry that is mishandled during an extractTo call
    (bsc#942296.

  - CVE-2015-6836: The SoapClient __call method in
    ext/soap/soap.c in PHP did not properly manage headers,
    which allowed remote attackers to execute arbitrary code
    via crafted serialized data that triggers a 'type
    confusion' in the serialize_function_call function
    (bsc#945428).

  - CVE-2015-6837: The xsl_ext_function_php function in
    ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did
    not consider the possibility of a NULL valuePop return
    value proceeding with a free operation during initial
    error checking, which allowed remote attackers to cause
    a denial of service (NULL pointer dereference and
    application crash) via a crafted XML document, a
    different vulnerability than CVE-2015-6838 (bsc#945412).

  - CVE-2015-6838: The xsl_ext_function_php function in
    ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did
    not consider the possibility of a NULL valuePop return
    value proceeding with a free operation after the
    principal argument loop, which allowed remote attackers
    to cause a denial of service (NULL pointer dereference
    and application crash) via a crafted XML document, a
    different vulnerability than CVE-2015-6837 (bsc#945412).

  - CVE-2015-5590: Stack-based buffer overflow in the
    phar_fix_filepath function in ext/phar/phar.c in PHP
    allowed remote attackers to cause a denial of service or
    possibly have unspecified other impact via a large
    length value, as demonstrated by mishandling of an
    e-mail attachment by the imap PHP extension
    (bsc#938719).

  - CVE-2015-5589: The phar_convert_to_other function in
    ext/phar/phar_object.c in PHP did not validate a file
    pointer a close operation, which allowed remote
    attackers to cause a denial of service (segmentation
    fault) or possibly have unspecified other impact via a
    crafted TAR archive that is mishandled in a
    Phar::convertToData call (bsc#938721).

  - CVE-2015-4602: The __PHP_Incomplete_Class function in
    ext/standard/incomplete_class.c in PHP allowed remote
    attackers to cause a denial of service (application
    crash) or possibly execute arbitrary code via an
    unexpected data type, related to a 'type confusion'
    issue (bsc#935224).

  - CVE-2015-4599: The SoapFault::__toString method in
    ext/soap/soap.c in PHP allowed remote attackers to
    obtain sensitive information, cause a denial of service
    (application crash), or possibly execute arbitrary code
    via an unexpected data type, related to a 'type
    confusion' issue (bsc#935226).

  - CVE-2015-4600: The SoapClient implementation in PHP
    allowed remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code
    via an unexpected data type, related to 'type confusion'
    issues in the (1) SoapClient::__getLastRequest, (2)
    SoapClient::__getLastResponse, (3)
    SoapClient::__getLastRequestHeaders, (4)
    SoapClient::__getLastResponseHeaders, (5)
    SoapClient::__getCookies, and (6)
    SoapClient::__setCookie methods (bsc#935226).

  - CVE-2015-4601: PHP allowed remote attackers to cause a
    denial of service (application crash) or possibly
    execute arbitrary code via an unexpected data type,
    related to 'type confusion' issues in (1)
    ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and
    (3) ext/soap/soap.c, a different issue than
    CVE-2015-4600 (bsc#935226.

  - CVE-2015-4603: The exception::getTraceAsString function
    in Zend/zend_exceptions.c in PHP allowed remote
    attackers to execute arbitrary code via an unexpected
    data type, related to a 'type confusion' issue
    (bsc#935234).

  - CVE-2015-4644: The php_pgsql_meta_data function in
    pgsql.c in the PostgreSQL (aka pgsql) extension in PHP
    did not validate token extraction for table names, which
    might allowed remote attackers to cause a denial of
    service (NULL pointer dereference and application crash)
    via a crafted name. NOTE: this vulnerability exists
    because of an incomplete fix for CVE-2015-1352
    (bsc#935274).

  - CVE-2015-4643: Integer overflow in the ftp_genlist
    function in ext/ftp/ftp.c in PHP allowed remote FTP
    servers to execute arbitrary code via a long reply to a
    LIST command, leading to a heap-based buffer overflow.
    NOTE: this vulnerability exists because of an incomplete
    fix for CVE-2015-4022 (bsc#935275).

  - CVE-2015-3411: PHP did not ensure that pathnames lack
    %00 sequences, which might have allowed remote attackers
    to read or write to arbitrary files via crafted input to
    an application that calls (1) a DOMDocument load method,
    (2) the xmlwriter_open_uri function, (3) the finfo_file
    function, or (4) the hash_hmac_file function, as
    demonstrated by a filename\0.xml attack that bypasses an
    intended configuration in which client users may read
    only .xml files (bsc#935227).

  - CVE-2015-3412: PHP did not ensure that pathnames lack
    %00 sequences, which might have allowed remote attackers
    to read arbitrary files via crafted input to an
    application that calls the stream_resolve_include_path
    function in ext/standard/streamsfuncs.c, as demonstrated
    by a filename\0.extension attack that bypasses an
    intended configuration in which client users may read
    files with only one specific extension (bsc#935229).

  - CVE-2015-4598: PHP did not ensure that pathnames lack
    %00 sequences, which might have allowed remote attackers
    to read or write to arbitrary files via crafted input to
    an application that calls (1) a DOMDocument save method
    or (2) the GD imagepsloadfont function, as demonstrated
    by a filename\0.html attack that bypasses an intended
    configuration in which client users may write to only
    .html files (bsc#935232).

  - CVE-2015-4148: The do_soap_call function in
    ext/soap/soap.c in PHP did not verify that the uri
    property is a string, which allowed remote attackers to
    obtain sensitive information by providing crafted
    serialized data with an int data type, related to a
    'type confusion' issue (bsc#933227).

  - CVE-2015-4024: Algorithmic complexity vulnerability in
    the multipart_buffer_headers function in main/rfc1867.c
    in PHP allowed remote attackers to cause a denial of
    service (CPU consumption) via crafted form data that
    triggers an improper order-of-growth outcome
    (bsc#931421).

  - CVE-2015-4026: The pcntl_exec implementation in PHP
    truncates a pathname upon encountering a \x00 character,
    which might allowed remote attackers to bypass intended
    extension restrictions and execute files with unexpected
    names via a crafted first argument. NOTE: this
    vulnerability exists because of an incomplete fix for
    CVE-2006-7243 (bsc#931776).

  - CVE-2015-4022: Integer overflow in the ftp_genlist
    function in ext/ftp/ftp.c in PHP allowed remote FTP
    servers to execute arbitrary code via a long reply to a
    LIST command, leading to a heap-based buffer overflow
    (bsc#931772).

  - CVE-2015-4021: The phar_parse_tarfile function in
    ext/phar/tar.c in PHP did not verify that the first
    character of a filename is different from the \0
    character, which allowed remote attackers to cause a
    denial of service (integer underflow and memory
    corruption) via a crafted entry in a tar archive
    (bsc#931769).

  - CVE-2015-3329: Multiple stack-based buffer overflows in
    the phar_set_inode function in phar_internal.h in PHP
    allowed remote attackers to execute arbitrary code via a
    crafted length value in a (1) tar, (2) phar, or (3) ZIP
    archive (bsc#928506).

  - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote
    attackers to obtain sensitive information from process
    memory or cause a denial of service (buffer over-read
    and application crash) via a crafted length value in
    conjunction with crafted serialized data in a phar
    archive, related to the phar_parse_metadata and
    phar_parse_pharfile functions (bsc#928511).

  - CVE-2015-2787: Use-after-free vulnerability in the
    process_nested_data function in
    ext/standard/var_unserializer.re in PHP allowed remote
    attackers to execute arbitrary code via a crafted
    unserialize call that leverages use of the unset
    function within an __wakeup function, a related issue to
    CVE-2015-0231 (bsc#924972).

  - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in
    GD 2.1.1 and earlier, as used in PHP allowed remote
    attackers to cause a denial of service (buffer over-read
    and application crash) via a crafted GIF image that is
    improperly handled by the gdImageCreateFromGif function
    (bsc#923945).

  - CVE-2015-2301: Use-after-free vulnerability in the
    phar_rename_archive function in phar_object.c in PHP
    allowed remote attackers to cause a denial of service or
    possibly have unspecified other impact via vectors that
    trigger an attempted renaming of a Phar archive to the
    name of an existing file (bsc#922452).

  - CVE-2015-2305: Integer overflow in the regcomp
    implementation in the Henry Spencer BSD regex library
    (aka rxspencer) 32-bit platforms might have allowed
    context-dependent attackers to execute arbitrary code
    via a large regular expression that leads to a
    heap-based buffer overflow (bsc#921950).

  - CVE-2014-9705: Heap-based buffer overflow in the
    enchant_broker_request_dict function in
    ext/enchant/enchant.c in PHP allowed remote attackers to
    execute arbitrary code via vectors that trigger creation
    of multiple dictionaries (bsc#922451).

  - CVE-2015-0273: Multiple use-after-free vulnerabilities
    in ext/date/php_date.c in PHP allowed remote attackers
    to execute arbitrary code via crafted serialized input
    containing a (1) R or (2) r type specifier in (a)
    DateTimeZone data handled by the
    php_date_timezone_initialize_from_hash function or (b)
    DateTime data handled by the
    php_date_initialize_from_hash function (bsc#918768).

  - CVE-2014-9652: The mconvert function in softmagic.c in
    file as used in the Fileinfo component in PHP did not
    properly handle a certain string-length field during a
    copy of a truncated version of a Pascal string, which
    might allowed remote attackers to cause a denial of
    service (out-of-bounds memory access and application
    crash) via a crafted file (bsc#917150).

  - CVE-2014-8142: Use-after-free vulnerability in the
    process_nested_data function in
    ext/standard/var_unserializer.re in PHP allowed remote
    attackers to execute arbitrary code via a crafted
    unserialize call that leverages improper handling of
    duplicate keys within the serialized properties of an
    object, a different vulnerability than CVE-2004-1019
    (bsc#910659).

  - CVE-2015-0231: Use-after-free vulnerability in the
    process_nested_data function in
    ext/standard/var_unserializer.re in PHP allowed remote
    attackers to execute arbitrary code via a crafted
    unserialize call that leverages improper handling of
    duplicate numerical keys within the serialized
    properties of an object. NOTE: this vulnerability exists
    because of an incomplete fix for CVE-2014-8142
    (bsc#910659).

  - CVE-2014-8142: Use-after-free vulnerability in the
    process_nested_data function in
    ext/standard/var_unserializer.re in PHP allowed remote
    attackers to execute arbitrary code via a crafted
    unserialize call that leverages improper handling of
    duplicate keys within the serialized properties of an
    object, a different vulnerability than CVE-2004-1019
    (bsc#910659).

  - CVE-2015-0232: The exif_process_unicode function in
    ext/exif/exif.c in PHP allowed remote attackers to
    execute arbitrary code or cause a denial of service
    (uninitialized pointer free and application crash) via
    crafted EXIF data in a JPEG image (bsc#914690).

  - CVE-2014-3670: The exif_ifd_make_value function in
    exif.c in the EXIF extension in PHP operates on
    floating-point arrays incorrectly, which allowed remote
    attackers to cause a denial of service (heap memory
    corruption and application crash) or possibly execute
    arbitrary code via a crafted JPEG image with TIFF
    thumbnail data that is improperly handled by the
    exif_thumbnail function (bsc#902357).

  - CVE-2014-3669: Integer overflow in the object_custom
    function in ext/standard/var_unserializer.c in PHP
    allowed remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code
    via an argument to the unserialize function that
    triggers calculation of a large length value
    (bsc#902360).

  - CVE-2014-3668: Buffer overflow in the date_from_ISO8601
    function in the mkgmtime implementation in
    libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP
    allowed remote attackers to cause a denial of service
    (application crash) via (1) a crafted first argument to
    the xmlrpc_set_type function or (2) a crafted argument
    to the xmlrpc_decode function, related to an
    out-of-bounds read operation (bsc#902368).

  - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR
    in PHP allowed local users to write to arbitrary files
    via a symlink attack on a (1) rest.cachefile or (2)
    rest.cacheid file in /tmp/pear/cache/, related to the
    retrieveCacheFirst and useLocalCache functions
    (bsc#893849).

  - CVE-2014-3597: Multiple buffer overflows in the
    php_parserr function in ext/standard/dns.c in PHP
    allowed remote DNS servers to cause a denial of service
    (application crash) or possibly execute arbitrary code
    via a crafted DNS record, related to the dns_get_record
    function and the dn_expand function. NOTE: this issue
    exists because of an incomplete fix for CVE-2014-4049
    (bsc#893853).

  - CVE-2014-4670: Use-after-free vulnerability in
    ext/spl/spl_dllist.c in the SPL component in PHP allowed
    context-dependent attackers to cause a denial of service
    or possibly have unspecified other impact via crafted
    iterator usage within applications in certain
    web-hosting environments (bsc#886059).

  - CVE-2014-4698: Use-after-free vulnerability in
    ext/spl/spl_array.c in the SPL component in PHP allowed
    context-dependent attackers to cause a denial of service
    or possibly have unspecified other impact via crafted
    ArrayIterator usage within applications in certain
    web-hosting environments (bsc#886060).

  - CVE-2014-4721: The phpinfo implementation in
    ext/standard/info.c in PHP did not ensure use of the
    string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE,
    PHP_AUTH_USER, and PHP_SELF variables, which might
    allowed context-dependent attackers to obtain sensitive
    information from process memory by using the integer
    data type with crafted values, related to a 'type
    confusion' vulnerability, as demonstrated by reading a
    private SSL key in an Apache HTTP Server web-hosting
    environment with mod_ssl and a PHP 5.3.x mod_php
    (bsc#885961).

  - CVE-2014-0207: The cdf_read_short_sector function in
    cdf.c in file as used in the Fileinfo component in PHP
    allowed remote attackers to cause a denial of service
    (assertion failure and application exit) via a crafted
    CDF file (bsc#884986).

  - CVE-2014-3478: Buffer overflow in the mconvert function
    in softmagic.c in file as used in the Fileinfo component
    in PHP allowed remote attackers to cause a denial of
    service (application crash) via a crafted Pascal string
    in a FILE_PSTRING conversion (bsc#884987).

  - CVE-2014-3479: The cdf_check_stream_offset function in
    cdf.c in file as used in the Fileinfo component in PHP
    relies on incorrect sector-size data, which allowed
    remote attackers to cause a denial of service
    (application crash) via a crafted stream offset in a CDF
    file (bsc#884989).

  - CVE-2014-3480: The cdf_count_chain function in cdf.c in
    file as used in the Fileinfo component in PHP did not
    properly validate sector-count data, which allowed
    remote attackers to cause a denial of service
    (application crash) via a crafted CDF file (bsc#884990).

  - CVE-2014-3487: The cdf_read_property_info function in
    file as used in the Fileinfo component in PHP did not
    properly validate a stream offset, which allowed remote
    attackers to cause a denial of service (application
    crash) via a crafted CDF file (bsc#884991).

  - CVE-2014-3515: The SPL component in PHP incorrectly
    anticipates that certain data structures will have the
    array data type after unserialization, which allowed
    remote attackers to execute arbitrary code via a crafted
    string that triggers use of a Hashtable destructor,
    related to 'type confusion' issues in (1) ArrayObject
    and (2) SPLObjectStorage (bsc#884992).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=884986"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=884987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=884989"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=884990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=884991"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=884992"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=885961"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=886059"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=886060"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=893849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=893853"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=902357"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=902360"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=902368"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=910659"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=914690"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=917150"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=918768"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=919080"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=921950"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=922451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=922452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=923945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=924972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=925109"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=928506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=928511"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=931421"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=931769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=931772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=931776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=933227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935224"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935226"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935229"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935232"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935274"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=935275"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=938719"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=938721"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=942291"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=942296"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=945412"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=945428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=949961"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=968284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=969821"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=971611"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=971612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=971912"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=973351"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=973792"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=976996"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=976997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=977003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=977005"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=977991"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=977994"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=978827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=978828"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=978829"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=978830"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=980366"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=980373"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=980375"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=981050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982010"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982012"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982013"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2004-1019/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2006-7243/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-0207/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3480/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3487/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3515/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3597/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3668/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3669/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-3670/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-4049/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-4670/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-4698/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-4721/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-5459/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-8142/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-9652/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-9705/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-9709/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-9767/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-0231/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-0232/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-0273/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-1352/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-2301/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-2305/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-2783/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-2787/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-3152/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-3329/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-3411/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-3412/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4021/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4022/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4024/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4026/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4116/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4148/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4598/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4599/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4600/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4601/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4602/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4603/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4643/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-4644/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5161/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5589/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5590/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-6831/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-6833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-6836/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-6837/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-6838/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-7803/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8835/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8838/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8866/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8867/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8873/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8874/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8879/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-2554/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3141/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3142/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3185/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4070/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4073/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4342/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4346/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4537/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4538/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4539/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4540/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4541/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4542/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4543/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-4544/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5093/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5094/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5095/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5096/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5114/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20161638-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dc947fb9"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP2-LTSS :

zypper in -t patch slessp2-php53-12621=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"2", reference:"apache2-mod_php53-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-bcmath-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-bz2-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-calendar-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ctype-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-curl-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-dba-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-dom-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-exif-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-fastcgi-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-fileinfo-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ftp-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gd-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gettext-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gmp-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-iconv-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-intl-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-json-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ldap-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mbstring-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mcrypt-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mysql-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-odbc-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-openssl-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pcntl-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pdo-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pear-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pgsql-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pspell-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-shmop-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-snmp-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-soap-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-suhosin-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvmsg-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvsem-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvshm-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-tokenizer-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-wddx-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlreader-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlrpc-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlwriter-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xsl-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-zip-5.3.17-47.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"php53-zlib-5.3.17-47.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84362);
  script_version("1.13");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2015-2325",
    "CVE-2015-2326",
    "CVE-2015-3414",
    "CVE-2015-3415",
    "CVE-2015-3416",
    "CVE-2015-4598",
    "CVE-2015-4642",
    "CVE-2015-4643",
    "CVE-2015-4644"
  );
  script_bugtraq_id(
    74228,
    75174,
    75175,
    75244,
    75290,
    75291,
    75292
  );

  script_name(english:"PHP 5.4.x < 5.4.42 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of PHP.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP 5.4.x running on the
remote web server is prior to 5.4.42. It is, therefore, affected by
multiple vulnerabilities :

  - Multiple heap buffer overflow conditions exist in the
    bundled Perl-Compatible Regular Expression (PCRE)
    library due to improper validation of user-supplied
    input to the compile_branch() and pcre_compile2()
    functions. A remote attacker can exploit these
    conditions to cause a heap-based buffer overflow,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2015-2325,
    CVE-2015-2326)

  - A denial of service vulnerability exists in the bundled
    SQLite component due to improper handling of quotes
    in collation sequence names. A remote attacker can
    exploit this to cause uninitialized memory access,
    resulting in denial of service condition.
    (CVE-2015-3414)

  - A denial of service vulnerability exists in the bundled
    SQLite component due to an improper implementation of
    comparison operators in the sqlite3VdbeExec() function
    in vdbe.c. A remote attacker can exploit this to cause
    an invalid free operation, resulting in a denial of
    service condition. (CVE-2015-3415)

  - A denial of service vulnerability exists in the bundled
    SQLite component due to improper handling of precision
    and width values during floating-point conversions in
    the sqlite3VXPrintf() function in printf.c. A remote
    attacker can exploit this to cause a stack-based buffer
    overflow, resulting in a denial of service condition or
    the execution of arbitrary code. (CVE-2015-3416)

  - A security bypass vulnerability exists due to a failure
    in multiple extensions to check for NULL bytes in a path
    when processing or reading a file. A remote attacker can
    exploit this, by combining the '\0' character with a
    safe file extension, to bypass access restrictions.
    (CVE-2015-4598)

  - An arbitrary command injection vulnerability exists due
    to a flaw in the php_escape_shell_arg() function in
    exec.c. A remote attacker can exploit this, via the
    escapeshellarg() PHP method, to inject arbitrary
    operating system commands. (CVE-2015-4642)

  - A heap buffer overflow condition exists in the
    ftp_genlist() function in ftp.c. due to improper
    validation of user-supplied input. A remote attacker
    can exploit this to cause a denial of service condition
    or the execution of arbitrary code. (CVE-2015-4643)
    
  - A denial of service vulnerability exists due to a NULL
    pointer dereference flaw in the build_tablename()
    function in pgsql.c. An authenticated, remote attacker
    can exploit this to cause an application crash.
    (CVE-2015-4644)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.42");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.4.42 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4642");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Check that it is the correct version of PHP
if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);

if (version =~ "^5\.4\.([0-9]|[1-3][0-9]|4[01])($|[^0-9])")
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 5.4.42' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-561.
#

include("compat.inc");

if (description)
{
  script_id(84623);
  script_version("2.6");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2014-3416", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644");
  script_xref(name:"ALAS", value:"2015-561");

  script_name(english:"Amazon Linux AMI : php54 (ALAS-2015-561)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Upstream reports that six security-related issues in PHP were fixed in
this release, as well as several security issues in bundled sqlite
library (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416). All PHP 5.4
users are encouraged to upgrade to this version. Please see the
upstream release notes for full details."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://php.net/ChangeLog-5.php#5.4.42"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2015-561.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update php54' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php54-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-cli-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-common-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-dba-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-devel-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-gd-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-imap-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-intl-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-process-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-recode-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-soap-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xml-5.4.42-1.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.42-1.71.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc");
}