Vulnerabilities > CVE-2015-6836 - Unspecified vulnerability in PHP

047910
CVSS 7.3 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
network
low complexity
php
nessus

Summary

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.

Vulnerable Configurations

Part Description Count
Application
Php
671

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-14976.NASL
    description03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb) - Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com) **MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol) **Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski) **SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas) **SPL:** * Fixed bug #70290 (NULL pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782 (NULL pointer dereference). (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-15
    plugin id85933
    published2015-09-15
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85933
    titleFedora 21 : php-5.6.13-1.fc21 (2015-14976)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-14976.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85933);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
      script_xref(name:"FEDORA", value:"2015-14976");
    
      script_name(english:"Fedora 21 : php-5.6.13-1.fc21 (2015-14976)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long
    timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST
    data). (cmb) * Fixed bug #70198 (Checking liveness does not work as
    expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use
    After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219
    (Use after free vulnerability in session deserializer). (taoguangchen
    at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets
    HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug
    #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug
    #70266 (DateInterval::__construct.interval_spec is not supposed to be
    optional). (cmb)
    
      - Fixed bug #70277 (new DateTimeZone($foo) is ignoring
        text after null byte). (cmb) **EXIF:** * Fixed bug
        #70385 (Buffer over-read in exif_read_data with TIFF IFD
        tag byte value of 32 bytes). (Stas) **hash:** * Fixed
        bug #70312 (HAVAL gives wrong hashes in specific cases).
        (letsgolee at naver dot com) **MCrypt:** * Fixed bug
        #69833 (mcrypt fd caching not working). (Anatol)
        **Opcache:** * Fixed bug #70237 (Empty while and
        do-while segmentation fault with opcode on CLI enabled).
        (Dmitry, Laruence) **PCRE:** * Fixed bug #70232
        (Incorrect bump-along behavior with \K and empty string
        match). (cmb) * Fixed bug #70345 (Multiple
        vulnerabilities related to PCRE functions). (Anatol
        Belski) **SOAP:** * Fixed bug #70388 (SOAP
        serialize_function_call() type confusion / RCE). (Stas)
        **SPL:** * Fixed bug #70290 (NULL pointer deref
        (segfault) in spl_autoload via ob_start). (hugh at
        allthethings dot co dot nz) * Fixed bug #70303
        (Incorrect constructor reflection for ArrayObject).
        (cmb) * Fixed bug #70365 (Use-after-free vulnerability
        in unserialize() with SplObjectStorage). (taoguangchen
        at icloud dot com) * Fixed bug #70366 (Use-after-free
        vulnerability in unserialize() with
        SplDoublyLinkedList). (taoguangchen at icloud dot com)
        **Standard:** * Fixed bug #70052 (getimagesize() fails
        for very large and very small WBMP). (cmb) * Fixed bug
        #70157 (parse_ini_string() segmentation fault with
        INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782
        (NULL pointer dereference). (Stas)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260748"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166337.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3071c07f"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC21", reference:"php-5.6.13-1.fc21")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-341.NASL
    description - CVE-2015-6831 Use after free vulnerability was found in unserialize() function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize() will still allow to use R: or r: to set references to that already freed memory. It is possible to use-after-free attack and execute arbitrary code remotely. - CVE-2015-6832 Dangling pointer in the unserialization of ArrayObject items. - CVE-2015-6833 Files extracted from archive may be placed outside of destination directory - CVE-2015-6834 Use after free vulnerability was found in unserialize() function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize() will still allow to use R: or r: to set references to that already freed memory. It is possible to use-after-free attack and execute arbitrary code remotely. - CVE-2015-6836 A type confusion occurs within SOAP serialize_function_call due to an insufficient validation of the headers field. In the SoapClient
    last seen2020-03-17
    modified2015-11-09
    plugin id86794
    published2015-11-09
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86794
    titleDebian DLA-341-1 : php5 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-341-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86794);
      script_version("2.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804");
    
      script_name(english:"Debian DLA-341-1 : php5 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - CVE-2015-6831 Use after free vulnerability was found in
        unserialize() function. We can create ZVAL and free it
        via Serializable::unserialize. However the unserialize()
        will still allow to use R: or r: to set references to
        that already freed memory. It is possible to
        use-after-free attack and execute arbitrary code
        remotely.
    
      - CVE-2015-6832 Dangling pointer in the unserialization of
        ArrayObject items.
    
      - CVE-2015-6833 Files extracted from archive may be placed
        outside of destination directory
    
      - CVE-2015-6834 Use after free vulnerability was found in
        unserialize() function. We can create ZVAL and free it
        via Serializable::unserialize. However the unserialize()
        will still allow to use R: or r: to set references to
        that already freed memory. It is possible to
        use-after-free attack and execute arbitrary code
        remotely.
    
      - CVE-2015-6836 A type confusion occurs within SOAP
        serialize_function_call due to an insufficient
        validation of the headers field. In the SoapClient's
        __call method, the verify_soap_headers_array check is
        applied only to headers retrieved from
        zend_parse_parameters; problem is that a few lines
        later, soap_headers could be updated or even replaced
        with values from the __default_headers object fields.
    
      - CVE-2015-6837 The XSLTProcessor class misses a few
        checks on the input from the libxslt library. The
        valuePop() function call is able to return NULL pointer
        and php does not check that.
    
      - CVE-2015-6838 The XSLTProcessor class misses a few
        checks on the input from the libxslt library. The
        valuePop() function call is able to return NULL pointer
        and php does not check that.
    
      - CVE-2015-7803 A NULL pointer dereference flaw was found
        in the way PHP's Phar extension parsed Phar archives. A
        specially crafted archive could cause PHP to crash.
    
      - CVE-2015-7804 An uninitialized pointer use flaw was
        found in the phar_make_dirstream() function of PHP's
        Phar extension. A specially crafted phar file in the ZIP
        format with a directory entry with a file name '/ZIP'
        could cause a PHP application function to crash.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2015/11/msg00002.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/php5"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-interbase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sybase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libapache2-mod-php5", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"libapache2-mod-php5filter", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php-pear", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-cgi", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-cli", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-common", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-curl", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-dbg", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-dev", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-enchant", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-gd", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-gmp", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-imap", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-interbase", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-intl", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-ldap", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-mcrypt", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-mysql", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-odbc", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-pgsql", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-pspell", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-recode", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-snmp", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-sqlite", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-sybase", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-tidy", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-xmlrpc", reference:"5.3.3.1-7+squeeze28")) flag++;
    if (deb_check(release:"6.0", prefix:"php5-xsl", reference:"5.3.3.1-7+squeeze28")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-274-02.NASL
    descriptionNew php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86223
    published2015-10-02
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86223
    titleSlackware 14.0 / 14.1 / current : php (SSA:2015-274-02)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2015-274-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86223);
      script_version("$Revision: 2.6 $");
      script_cvs_date("$Date: 2016/10/19 14:37:26 $");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
      script_xref(name:"SSA", value:"2015-274-02");
    
      script_name(english:"Slackware 14.0 / 14.1 / current : php (SSA:2015-274-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New php packages are available for Slackware 14.0, 14.1, and -current
    to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399477
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?933453e8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.4.45", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.4.45", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.4.45", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.4.45", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.13", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.13", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-004 or 2015-007. It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework - apache_mod_php - ATS - Audio - CFNetwork - CoreGraphics - CoreText - EFI - FontParser - Grand Central Dispatch - ImageIO - IOAcceleratorFamily - Kernel - libarchive - MCX Application Restrictions - OpenGL Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id86829
    published2015-11-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86829
    titleMac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86829);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/14  1:59:36");
    
      script_cve_id(
        "CVE-2015-0235",
        "CVE-2015-0273",
        "CVE-2015-4860",
        "CVE-2015-5924",
        "CVE-2015-5925",
        "CVE-2015-5926",
        "CVE-2015-5927",
        "CVE-2015-5932",
        "CVE-2015-5933",
        "CVE-2015-5934",
        "CVE-2015-5935",
        "CVE-2015-5936",
        "CVE-2015-5937",
        "CVE-2015-5938",
        "CVE-2015-5939",
        "CVE-2015-5940",
        "CVE-2015-5942",
        "CVE-2015-5944",
        "CVE-2015-6834",
        "CVE-2015-6835",
        "CVE-2015-6836",
        "CVE-2015-6837",
        "CVE-2015-6838",
        "CVE-2015-6975",
        "CVE-2015-6976",
        "CVE-2015-6977",
        "CVE-2015-6978",
        "CVE-2015-6984",
        "CVE-2015-6985",
        "CVE-2015-6989",
        "CVE-2015-6991",
        "CVE-2015-6992",
        "CVE-2015-6993",
        "CVE-2015-6996",
        "CVE-2015-7009",
        "CVE-2015-7010",
        "CVE-2015-7016",
        "CVE-2015-7018",
        "CVE-2015-7023",
        "CVE-2015-7035"
      );
      script_bugtraq_id(
        69477,
        72325,
        72701,
        74971,
        76317,
        76644,
        76649,
        76733,
        76734,
        76738,
        77162,
        77263,
        77265,
        77266,
        77270
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-10-21-4");
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)");
      script_summary(english:"Checks for the presence of Security Update 2015-004 and 2015-007.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes multiple
    security vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.9.5 or 10.10.5
    that is missing Security Update 2015-004 or 2015-007. It is,
    therefore, affected by multiple vulnerabilities in the following
    components :
    
      - Accelerate Framework
      - apache_mod_php
      - ATS
      - Audio
      - CFNetwork
      - CoreGraphics
      - CoreText
      - EFI
      - FontParser
      - Grand Central Dispatch
      - ImageIO
      - IOAcceleratorFamily
      - Kernel
      - libarchive
      - MCX Application Restrictions
      - OpenGL
    
    Note that successful exploitation of the most serious issues can
    result in arbitrary code execution.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205375");
      # https://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7e01da3");
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2015-004 / 2015-007 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Compare 2 patch numbers to determine if patch requirements are satisfied.
    # Return true if this patch or a later patch is applied
    # Return false otherwise
    function check_patch(year, number)
    {
      local_var p_split = split(patch, sep:"-");
      local_var p_year  = int( p_split[0]);
      local_var p_num   = int( p_split[1]);
    
      if (year >  p_year) return TRUE;
      else if (year <  p_year) return FALSE;
      else if (number >=  p_num) return TRUE;
      else return FALSE;
    }
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Advisory states that update 2015-004 is available for 10.10.5 and update 2015-007 is available for 10.9.5
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    if (!ereg(pattern:"Mac OS X 10\.(9|10)\.5([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.9.5 or Mac OS X 10.10.5");
    
    if ("10.9.5" >< os) patch = "2015-007";
    else if ("10.10.5" >< os) patch = "2015-004";
    
    packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1);
    sec_boms_report = egrep(pattern:"^com\.apple\.pkg\.update\.security\..*bom$", string:packages);
    sec_boms = split(sec_boms_report, sep:'\n');
    
    foreach package (sec_boms)
    {
      # Grab patch year and number
      match = eregmatch(pattern:"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]", string:package);
      if (empty_or_null(match[1]) || empty_or_null(match[2]))
        continue;
    
      patch_found = check_patch(year:int(match[1]), number:int(match[2]));
      if (patch_found) exit(0, "The host has Security Update " + patch + " or later installed and is therefore not affected.");
    }
    
    report =  '\n  Missing security update : ' + patch;
    report += '\n  Installed security BOMs : ';
    if (sec_boms_report) report += str_replace(find:'\n', replace:'\n                            ', string:sec_boms_report);
    else report += 'n/a';
    report += '\n';
    
    security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
    
  • NASL familyCGI abuses
    NASL idPHP_5_6_13.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.13. It is, therefore, affected by multiple vulnerabilities : - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c could allow a remote attacker to create arbitrary empty directories via a crafted ZIP archive. (CVE-2014-9767) - Multiple use-after-free memory errors exist related to the unserialize() function, which a remote attacker can exploit to execute arbitrary code. (CVE-2015-6834) - A use-after-free memory error exists related to the php_var_unserialize() function. A remote attacker, using a crafted serialize string, can exploit this to execute arbitrary code. (CVE-2015-6835) - A type confusion error exists related to the serialize_function_call() function due to improper validation of the headers field, which a remote attacker can exploit to have unspecified impact. (CVE-2015-6836) - A flaw exists in the XSLTProcessor class due to improper validation of input from the libxslt library, which a remote attacker can exploit to have an unspecified impact. (CVE-2015-6837, CVE-2015-6838) - A flaw exists in the php_zip_extract_file() function in file php_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to create arbitrary directories outside of the restricted path. - A NULL pointer dereference flaw exists in the spl_autoload() function in file php_spl.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a PHP application to crash. - A flaw exists in the parse_ini_file() and parse_ini_string() functions due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a PHP application to crash. - A flaw exists in the CLI SAPI Web Server due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to access arbitrary files outside of the restricted path. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id85887
    published2015-09-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85887
    titlePHP 5.6.x < 5.6.13 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85887);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2014-9767",
        "CVE-2015-6834",
        "CVE-2015-6835",
        "CVE-2015-6836",
        "CVE-2015-6837",
        "CVE-2015-6838"
      );
      script_bugtraq_id(
        76644,
        76649,
        76652,
        76733,
        76734,
        76738
      );
    
      script_name(english:"PHP 5.6.x < 5.6.13 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 5.6.x prior to 5.6.13. It is, therefore, affected by
    multiple vulnerabilities :
    
      - A directory traversal vulnerability in the
        ZipArchive::extractTo function in ext/zip/php_zip.c
        could allow a remote attacker to create arbitrary
        empty directories via a crafted ZIP archive.
        (CVE-2014-9767)
    
      - Multiple use-after-free memory errors exist related to
        the unserialize() function, which a remote attacker can
        exploit to execute arbitrary code. (CVE-2015-6834)
    
      - A use-after-free memory error exists related to the
        php_var_unserialize() function. A remote attacker, using
        a crafted serialize string, can exploit this to execute
        arbitrary code. (CVE-2015-6835)
    
      - A type confusion error exists related to the
        serialize_function_call() function due to improper
        validation of the headers field, which a remote attacker
        can exploit to have unspecified impact. (CVE-2015-6836)
    
      - A flaw exists in the XSLTProcessor class due to
        improper validation of input from the libxslt library,
        which a remote attacker can exploit to have an
        unspecified impact. (CVE-2015-6837, CVE-2015-6838)
    
      - A flaw exists in the php_zip_extract_file() function
        in file php_zip.c due to improper sanitization of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to create arbitrary directories outside
        of the restricted path.
    
      - A NULL pointer dereference flaw exists in the
        spl_autoload() function in file php_spl.c due to
        improper sanitization of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        cause a PHP application to crash.
    
      - A flaw exists in the parse_ini_file() and
        parse_ini_string() functions due to improper
        sanitization of user-supplied input. An unauthenticated,
        remote attacker can exploit this to cause a PHP
        application to crash.
    
      - A flaw exists in the CLI SAPI Web Server due to improper
        sanitization of user-supplied input. An unauthenticated,
        remote attacker can exploit this to access arbitrary
        files outside of the restricted path.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.13");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.6.13 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6836");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/10");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port);
    
    if (version =~ "^5\.6\.([0-9]|1[0-2])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : '+source +
          '\n  Installed version : '+version +
          '\n  Fixed version     : 5.6.13' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201606-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201606-10 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91704
    published2016-06-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91704
    titleGLSA-201606-10 : PHP: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201606-10.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91704);
      script_version("2.3");
      script_cvs_date("Date: 2019/04/11 17:23:06");
    
      script_cve_id("CVE-2013-6501", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804");
      script_xref(name:"GLSA", value:"201606-10");
    
      script_name(english:"GLSA-201606-10 : PHP: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201606-10
    (PHP: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in PHP. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        An attacker can possibly execute arbitrary code or create a Denial of
          Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201606-10"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
          5.4 is now masked in Portage:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
        All PHP 5.5 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33'
        All PHP 5.6 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev=lang/php-5.6.19'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.6.19", "rge 5.5.33", "rge 5.5.34", "rge 5.5.35", "rge 5.5.36", "rge 5.5.37", "rge 5.5.38"), vulnerable:make_list("lt 5.6.19"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1638-1.NASL
    descriptionThis update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93161
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93161
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1638-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93161);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2004-1019", "CVE-2006-7243", "CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3597", "CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-4049", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721", "CVE-2014-5459", "CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2014-9767", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3152", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4116", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-5161", "CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-8835", "CVE-2015-8838", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8879", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5114");
      script_bugtraq_id(44951, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423, 68511, 68513, 69322, 69388, 70611, 70665, 70666, 71791, 71932, 72505, 72539, 72541, 72611, 72701, 73031, 73037, 73306, 73431, 74239, 74240, 74398, 74413, 74700, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292, 75970, 75974);
    
      script_name(english:"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php53 to version 5.3.17 fixes the following issues :
    
    These security issues were fixed :
    
      - CVE-2016-5093: get_icu_value_internal out-of-bounds read
        (bnc#982010).
    
      - CVE-2016-5094: Don't create strings with lengths outside
        int range (bnc#982011).
    
      - CVE-2016-5095: Don't create strings with lengths outside
        int range (bnc#982012).
    
      - CVE-2016-5096: int/size_t confusion in fread
        (bsc#982013).
    
      - CVE-2016-5114: fpm_log.c memory leak and buffer overflow
        (bnc#982162).
    
      - CVE-2015-8879: The odbc_bindcols function in
        ext/odbc/php_odbc.c in PHP mishandles driver behavior
        for SQL_WVARCHAR columns, which allowed remote attackers
        to cause a denial of service (application crash) in
        opportunistic circumstances by leveraging use of the
        odbc_fetch_array function to access a certain type of
        Microsoft SQL Server table (bsc#981050).
    
      - CVE-2015-4116: Use-after-free vulnerability in the
        spl_ptr_heap_insert function in ext/spl/spl_heap.c in
        PHP allowed remote attackers to execute arbitrary code
        by triggering a failed SplMinHeap::compare operation
        (bsc#980366).
    
      - CVE-2015-8874: Stack consumption vulnerability in GD in
        PHP allowed remote attackers to cause a denial of
        service via a crafted imagefilltoborder call
        (bsc#980375).
    
      - CVE-2015-8873: Stack consumption vulnerability in
        Zend/zend_exceptions.c in PHP allowed remote attackers
        to cause a denial of service (segmentation fault) via
        recursive method calls (bsc#980373).
    
      - CVE-2016-4540: The grapheme_stripos function in
        ext/intl/grapheme/grapheme_string.c in PHP allowed
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset (bsc#978829).
    
      - CVE-2016-4541: The grapheme_strpos function in
        ext/intl/grapheme/grapheme_string.c in PHP allowed
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset (bsc#978829.
    
      - CVE-2016-4542: The exif_process_IFD_TAG function in
        ext/exif/exif.c in PHP did not properly construct
        spprintf arguments, which allowed remote attackers to
        cause a denial of service (out-of-bounds read) or
        possibly have unspecified other impact via crafted
        header data (bsc#978830).
    
      - CVE-2016-4543: The exif_process_IFD_in_JPEG function in
        ext/exif/exif.c in PHP did not validate IFD sizes, which
        allowed remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via crafted header data (bsc#978830.
    
      - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in
        ext/exif/exif.c in PHP did not validate TIFF start data,
        which allowed remote attackers to cause a denial of
        service (out-of-bounds read) or possibly have
        unspecified other impact via crafted header data
        (bsc#978830.
    
      - CVE-2016-4537: The bcpowmod function in
        ext/bcmath/bcmath.c in PHP accepted a negative integer
        for the scale argument, which allowed remote attackers
        to cause a denial of service or possibly have
        unspecified other impact via a crafted call
        (bsc#978827).
    
      - CVE-2016-4538: The bcpowmod function in
        ext/bcmath/bcmath.c in PHP modified certain data
        structures without considering whether they are copies
        of the _zero_, _one_, or _two_ global variable, which
        allowed remote attackers to cause a denial of service or
        possibly have unspecified other impact via a crafted
        call (bsc#978827).
    
      - CVE-2016-4539: The xml_parse_into_struct function in
        ext/xml/xml.c in PHP allowed remote attackers to cause a
        denial of service (buffer under-read and segmentation
        fault) or possibly have unspecified other impact via
        crafted XML data in the second argument, leading to a
        parser level of zero (bsc#978828).
    
      - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles
        zero-length uncompressed data, which allowed remote
        attackers to cause a denial of service (heap memory
        corruption) or possibly have unspecified other impact
        via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive
        (bsc#977991).
    
      - CVE-2016-4346: Integer overflow in the str_pad function
        in ext/standard/string.c in PHP allowed remote attackers
        to cause a denial of service or possibly have
        unspecified other impact via a long string, leading to a
        heap-based buffer overflow (bsc#977994).
    
      - CVE-2016-4073: Multiple integer overflows in the
        mbfl_strcut function in
        ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed
        remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted mb_strcut call (bsc#977003).
    
      - CVE-2015-8867: The openssl_random_pseudo_bytes function
        in ext/openssl/openssl.c in PHP incorrectly relied on
        the deprecated RAND_pseudo_bytes function, which made it
        easier for remote attackers to defeat cryptographic
        protection mechanisms via unspecified vectors
        (bsc#977005).
    
      - CVE-2016-4070: Integer overflow in the
        php_raw_url_encode function in ext/standard/url.c in PHP
        allowed remote attackers to cause a denial of service
        (application crash) via a long string to the
        rawurlencode function (bsc#976997).
    
      - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM
        is used, did not isolate each thread from
        libxml_disable_entity_loader changes in other threads,
        which allowed remote attackers to conduct XML External
        Entity (XXE) and XML Entity Expansion (XEE) attacks via
        a crafted XML document, a related issue to CVE-2015-5161
        (bsc#976996).
    
      - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a
        client SSL option to mean that SSL is optional, which
        allowed man-in-the-middle attackers to spoof servers via
        a cleartext-downgrade attack, a related issue to
        CVE-2015-3152 (bsc#973792).
    
      - CVE-2015-8835: The make_http_soap_request function in
        ext/soap/php_http.c in PHP did not properly retrieve
        keys, which allowed remote attackers to cause a denial
        of service (NULL pointer dereference, type confusion,
        and application crash) or possibly execute arbitrary
        code via crafted serialized data representing a
        numerically indexed _cookies array, related to the
        SoapClient::__call method in ext/soap/soap.c
        (bsc#973351).
    
      - CVE-2016-3141: Use-after-free vulnerability in wddx.c in
        the WDDX extension in PHP allowed remote attackers to
        cause a denial of service (memory corruption and
        application crash) or possibly have unspecified other
        impact by triggering a wddx_deserialize call on XML data
        containing a crafted var element (bsc#969821).
    
      - CVE-2016-3142: The phar_parse_zipfile function in zip.c
        in the PHAR extension in PHP allowed remote attackers to
        obtain sensitive information from process memory or
        cause a denial of service (out-of-bounds read and
        application crash) by placing a PK\x05\x06 signature at
        an invalid location (bsc#971912).
    
      - CVE-2014-9767: Directory traversal vulnerability in the
        ZipArchive::extractTo function in ext/zip/php_zip.c in
        PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers
        to create arbitrary empty directories via a crafted ZIP
        archive (bsc#971612).
    
      - CVE-2016-3185: The make_http_soap_request function in
        ext/soap/php_http.c in PHP allowed remote attackers to
        obtain sensitive information from process memory or
        cause a denial of service (type confusion and
        application crash) via crafted serialized _cookies data,
        related to the SoapClient::__call method in
        ext/soap/soap.c (bsc#971611).
    
      - CVE-2016-2554: Stack-based buffer overflow in
        ext/phar/tar.c in PHP allowed remote attackers to cause
        a denial of service (application crash) or possibly have
        unspecified other impact via a crafted TAR archive
        (bsc#968284).
    
      - CVE-2015-7803: The phar_get_entry_data function in
        ext/phar/util.c in PHP allowed remote attackers to cause
        a denial of service (NULL pointer dereference and
        application crash) via a .phar file with a crafted TAR
        archive entry in which the Link indicator references a
        file that did not exist (bsc#949961).
    
      - CVE-2015-6831: Multiple use-after-free vulnerabilities
        in SPL in PHP allowed remote attackers to execute
        arbitrary code via vectors involving (1) ArrayObject,
        (2) SplObjectStorage, and (3) SplDoublyLinkedList, which
        are mishandled during unserialization (bsc#942291).
    
      - CVE-2015-6833: Directory traversal vulnerability in the
        PharData class in PHP allowed remote attackers to write
        to arbitrary files via a .. (dot dot) in a ZIP archive
        entry that is mishandled during an extractTo call
        (bsc#942296.
    
      - CVE-2015-6836: The SoapClient __call method in
        ext/soap/soap.c in PHP did not properly manage headers,
        which allowed remote attackers to execute arbitrary code
        via crafted serialized data that triggers a 'type
        confusion' in the serialize_function_call function
        (bsc#945428).
    
      - CVE-2015-6837: The xsl_ext_function_php function in
        ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did
        not consider the possibility of a NULL valuePop return
        value proceeding with a free operation during initial
        error checking, which allowed remote attackers to cause
        a denial of service (NULL pointer dereference and
        application crash) via a crafted XML document, a
        different vulnerability than CVE-2015-6838 (bsc#945412).
    
      - CVE-2015-6838: The xsl_ext_function_php function in
        ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did
        not consider the possibility of a NULL valuePop return
        value proceeding with a free operation after the
        principal argument loop, which allowed remote attackers
        to cause a denial of service (NULL pointer dereference
        and application crash) via a crafted XML document, a
        different vulnerability than CVE-2015-6837 (bsc#945412).
    
      - CVE-2015-5590: Stack-based buffer overflow in the
        phar_fix_filepath function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service or
        possibly have unspecified other impact via a large
        length value, as demonstrated by mishandling of an
        e-mail attachment by the imap PHP extension
        (bsc#938719).
    
      - CVE-2015-5589: The phar_convert_to_other function in
        ext/phar/phar_object.c in PHP did not validate a file
        pointer a close operation, which allowed remote
        attackers to cause a denial of service (segmentation
        fault) or possibly have unspecified other impact via a
        crafted TAR archive that is mishandled in a
        Phar::convertToData call (bsc#938721).
    
      - CVE-2015-4602: The __PHP_Incomplete_Class function in
        ext/standard/incomplete_class.c in PHP allowed remote
        attackers to cause a denial of service (application
        crash) or possibly execute arbitrary code via an
        unexpected data type, related to a 'type confusion'
        issue (bsc#935224).
    
      - CVE-2015-4599: The SoapFault::__toString method in
        ext/soap/soap.c in PHP allowed remote attackers to
        obtain sensitive information, cause a denial of service
        (application crash), or possibly execute arbitrary code
        via an unexpected data type, related to a 'type
        confusion' issue (bsc#935226).
    
      - CVE-2015-4600: The SoapClient implementation in PHP
        allowed remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via an unexpected data type, related to 'type confusion'
        issues in the (1) SoapClient::__getLastRequest, (2)
        SoapClient::__getLastResponse, (3)
        SoapClient::__getLastRequestHeaders, (4)
        SoapClient::__getLastResponseHeaders, (5)
        SoapClient::__getCookies, and (6)
        SoapClient::__setCookie methods (bsc#935226).
    
      - CVE-2015-4601: PHP allowed remote attackers to cause a
        denial of service (application crash) or possibly
        execute arbitrary code via an unexpected data type,
        related to 'type confusion' issues in (1)
        ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and
        (3) ext/soap/soap.c, a different issue than
        CVE-2015-4600 (bsc#935226.
    
      - CVE-2015-4603: The exception::getTraceAsString function
        in Zend/zend_exceptions.c in PHP allowed remote
        attackers to execute arbitrary code via an unexpected
        data type, related to a 'type confusion' issue
        (bsc#935234).
    
      - CVE-2015-4644: The php_pgsql_meta_data function in
        pgsql.c in the PostgreSQL (aka pgsql) extension in PHP
        did not validate token extraction for table names, which
        might allowed remote attackers to cause a denial of
        service (NULL pointer dereference and application crash)
        via a crafted name. NOTE: this vulnerability exists
        because of an incomplete fix for CVE-2015-1352
        (bsc#935274).
    
      - CVE-2015-4643: Integer overflow in the ftp_genlist
        function in ext/ftp/ftp.c in PHP allowed remote FTP
        servers to execute arbitrary code via a long reply to a
        LIST command, leading to a heap-based buffer overflow.
        NOTE: this vulnerability exists because of an incomplete
        fix for CVE-2015-4022 (bsc#935275).
    
      - CVE-2015-3411: PHP did not ensure that pathnames lack
        %00 sequences, which might have allowed remote attackers
        to read or write to arbitrary files via crafted input to
        an application that calls (1) a DOMDocument load method,
        (2) the xmlwriter_open_uri function, (3) the finfo_file
        function, or (4) the hash_hmac_file function, as
        demonstrated by a filename\0.xml attack that bypasses an
        intended configuration in which client users may read
        only .xml files (bsc#935227).
    
      - CVE-2015-3412: PHP did not ensure that pathnames lack
        %00 sequences, which might have allowed remote attackers
        to read arbitrary files via crafted input to an
        application that calls the stream_resolve_include_path
        function in ext/standard/streamsfuncs.c, as demonstrated
        by a filename\0.extension attack that bypasses an
        intended configuration in which client users may read
        files with only one specific extension (bsc#935229).
    
      - CVE-2015-4598: PHP did not ensure that pathnames lack
        %00 sequences, which might have allowed remote attackers
        to read or write to arbitrary files via crafted input to
        an application that calls (1) a DOMDocument save method
        or (2) the GD imagepsloadfont function, as demonstrated
        by a filename\0.html attack that bypasses an intended
        configuration in which client users may write to only
        .html files (bsc#935232).
    
      - CVE-2015-4148: The do_soap_call function in
        ext/soap/soap.c in PHP did not verify that the uri
        property is a string, which allowed remote attackers to
        obtain sensitive information by providing crafted
        serialized data with an int data type, related to a
        'type confusion' issue (bsc#933227).
    
      - CVE-2015-4024: Algorithmic complexity vulnerability in
        the multipart_buffer_headers function in main/rfc1867.c
        in PHP allowed remote attackers to cause a denial of
        service (CPU consumption) via crafted form data that
        triggers an improper order-of-growth outcome
        (bsc#931421).
    
      - CVE-2015-4026: The pcntl_exec implementation in PHP
        truncates a pathname upon encountering a \x00 character,
        which might allowed remote attackers to bypass intended
        extension restrictions and execute files with unexpected
        names via a crafted first argument. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2006-7243 (bsc#931776).
    
      - CVE-2015-4022: Integer overflow in the ftp_genlist
        function in ext/ftp/ftp.c in PHP allowed remote FTP
        servers to execute arbitrary code via a long reply to a
        LIST command, leading to a heap-based buffer overflow
        (bsc#931772).
    
      - CVE-2015-4021: The phar_parse_tarfile function in
        ext/phar/tar.c in PHP did not verify that the first
        character of a filename is different from the \0
        character, which allowed remote attackers to cause a
        denial of service (integer underflow and memory
        corruption) via a crafted entry in a tar archive
        (bsc#931769).
    
      - CVE-2015-3329: Multiple stack-based buffer overflows in
        the phar_set_inode function in phar_internal.h in PHP
        allowed remote attackers to execute arbitrary code via a
        crafted length value in a (1) tar, (2) phar, or (3) ZIP
        archive (bsc#928506).
    
      - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote
        attackers to obtain sensitive information from process
        memory or cause a denial of service (buffer over-read
        and application crash) via a crafted length value in
        conjunction with crafted serialized data in a phar
        archive, related to the phar_parse_metadata and
        phar_parse_pharfile functions (bsc#928511).
    
      - CVE-2015-2787: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages use of the unset
        function within an __wakeup function, a related issue to
        CVE-2015-0231 (bsc#924972).
    
      - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in
        GD 2.1.1 and earlier, as used in PHP allowed remote
        attackers to cause a denial of service (buffer over-read
        and application crash) via a crafted GIF image that is
        improperly handled by the gdImageCreateFromGif function
        (bsc#923945).
    
      - CVE-2015-2301: Use-after-free vulnerability in the
        phar_rename_archive function in phar_object.c in PHP
        allowed remote attackers to cause a denial of service or
        possibly have unspecified other impact via vectors that
        trigger an attempted renaming of a Phar archive to the
        name of an existing file (bsc#922452).
    
      - CVE-2015-2305: Integer overflow in the regcomp
        implementation in the Henry Spencer BSD regex library
        (aka rxspencer) 32-bit platforms might have allowed
        context-dependent attackers to execute arbitrary code
        via a large regular expression that leads to a
        heap-based buffer overflow (bsc#921950).
    
      - CVE-2014-9705: Heap-based buffer overflow in the
        enchant_broker_request_dict function in
        ext/enchant/enchant.c in PHP allowed remote attackers to
        execute arbitrary code via vectors that trigger creation
        of multiple dictionaries (bsc#922451).
    
      - CVE-2015-0273: Multiple use-after-free vulnerabilities
        in ext/date/php_date.c in PHP allowed remote attackers
        to execute arbitrary code via crafted serialized input
        containing a (1) R or (2) r type specifier in (a)
        DateTimeZone data handled by the
        php_date_timezone_initialize_from_hash function or (b)
        DateTime data handled by the
        php_date_initialize_from_hash function (bsc#918768).
    
      - CVE-2014-9652: The mconvert function in softmagic.c in
        file as used in the Fileinfo component in PHP did not
        properly handle a certain string-length field during a
        copy of a truncated version of a Pascal string, which
        might allowed remote attackers to cause a denial of
        service (out-of-bounds memory access and application
        crash) via a crafted file (bsc#917150).
    
      - CVE-2014-8142: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages improper handling of
        duplicate keys within the serialized properties of an
        object, a different vulnerability than CVE-2004-1019
        (bsc#910659).
    
      - CVE-2015-0231: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages improper handling of
        duplicate numerical keys within the serialized
        properties of an object. NOTE: this vulnerability exists
        because of an incomplete fix for CVE-2014-8142
        (bsc#910659).
    
      - CVE-2014-8142: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages improper handling of
        duplicate keys within the serialized properties of an
        object, a different vulnerability than CVE-2004-1019
        (bsc#910659).
    
      - CVE-2015-0232: The exif_process_unicode function in
        ext/exif/exif.c in PHP allowed remote attackers to
        execute arbitrary code or cause a denial of service
        (uninitialized pointer free and application crash) via
        crafted EXIF data in a JPEG image (bsc#914690).
    
      - CVE-2014-3670: The exif_ifd_make_value function in
        exif.c in the EXIF extension in PHP operates on
        floating-point arrays incorrectly, which allowed remote
        attackers to cause a denial of service (heap memory
        corruption and application crash) or possibly execute
        arbitrary code via a crafted JPEG image with TIFF
        thumbnail data that is improperly handled by the
        exif_thumbnail function (bsc#902357).
    
      - CVE-2014-3669: Integer overflow in the object_custom
        function in ext/standard/var_unserializer.c in PHP
        allowed remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via an argument to the unserialize function that
        triggers calculation of a large length value
        (bsc#902360).
    
      - CVE-2014-3668: Buffer overflow in the date_from_ISO8601
        function in the mkgmtime implementation in
        libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP
        allowed remote attackers to cause a denial of service
        (application crash) via (1) a crafted first argument to
        the xmlrpc_set_type function or (2) a crafted argument
        to the xmlrpc_decode function, related to an
        out-of-bounds read operation (bsc#902368).
    
      - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR
        in PHP allowed local users to write to arbitrary files
        via a symlink attack on a (1) rest.cachefile or (2)
        rest.cacheid file in /tmp/pear/cache/, related to the
        retrieveCacheFirst and useLocalCache functions
        (bsc#893849).
    
      - CVE-2014-3597: Multiple buffer overflows in the
        php_parserr function in ext/standard/dns.c in PHP
        allowed remote DNS servers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted DNS record, related to the dns_get_record
        function and the dn_expand function. NOTE: this issue
        exists because of an incomplete fix for CVE-2014-4049
        (bsc#893853).
    
      - CVE-2014-4670: Use-after-free vulnerability in
        ext/spl/spl_dllist.c in the SPL component in PHP allowed
        context-dependent attackers to cause a denial of service
        or possibly have unspecified other impact via crafted
        iterator usage within applications in certain
        web-hosting environments (bsc#886059).
    
      - CVE-2014-4698: Use-after-free vulnerability in
        ext/spl/spl_array.c in the SPL component in PHP allowed
        context-dependent attackers to cause a denial of service
        or possibly have unspecified other impact via crafted
        ArrayIterator usage within applications in certain
        web-hosting environments (bsc#886060).
    
      - CVE-2014-4721: The phpinfo implementation in
        ext/standard/info.c in PHP did not ensure use of the
        string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE,
        PHP_AUTH_USER, and PHP_SELF variables, which might
        allowed context-dependent attackers to obtain sensitive
        information from process memory by using the integer
        data type with crafted values, related to a 'type
        confusion' vulnerability, as demonstrated by reading a
        private SSL key in an Apache HTTP Server web-hosting
        environment with mod_ssl and a PHP 5.3.x mod_php
        (bsc#885961).
    
      - CVE-2014-0207: The cdf_read_short_sector function in
        cdf.c in file as used in the Fileinfo component in PHP
        allowed remote attackers to cause a denial of service
        (assertion failure and application exit) via a crafted
        CDF file (bsc#884986).
    
      - CVE-2014-3478: Buffer overflow in the mconvert function
        in softmagic.c in file as used in the Fileinfo component
        in PHP allowed remote attackers to cause a denial of
        service (application crash) via a crafted Pascal string
        in a FILE_PSTRING conversion (bsc#884987).
    
      - CVE-2014-3479: The cdf_check_stream_offset function in
        cdf.c in file as used in the Fileinfo component in PHP
        relies on incorrect sector-size data, which allowed
        remote attackers to cause a denial of service
        (application crash) via a crafted stream offset in a CDF
        file (bsc#884989).
    
      - CVE-2014-3480: The cdf_count_chain function in cdf.c in
        file as used in the Fileinfo component in PHP did not
        properly validate sector-count data, which allowed
        remote attackers to cause a denial of service
        (application crash) via a crafted CDF file (bsc#884990).
    
      - CVE-2014-3487: The cdf_read_property_info function in
        file as used in the Fileinfo component in PHP did not
        properly validate a stream offset, which allowed remote
        attackers to cause a denial of service (application
        crash) via a crafted CDF file (bsc#884991).
    
      - CVE-2014-3515: The SPL component in PHP incorrectly
        anticipates that certain data structures will have the
        array data type after unserialization, which allowed
        remote attackers to execute arbitrary code via a crafted
        string that triggers use of a Hashtable destructor,
        related to 'type confusion' issues in (1) ArrayObject
        and (2) SPLObjectStorage (bsc#884992).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884986"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=885961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=886059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=886060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=893849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=893853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=910659"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=914690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=917150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=918768"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=921950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=923945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=925109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931421"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931769"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931772"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935224"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935229"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=938719"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=938721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=949961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=968284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971611"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=976996"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=976997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=981050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2004-1019/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2006-7243/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3478/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3479/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3480/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3515/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3597/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3668/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3669/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3670/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4049/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4670/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4698/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4721/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-5459/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-8142/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9652/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9705/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9709/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9767/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0231/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0232/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0273/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1352/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2301/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2305/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2783/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2787/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3152/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3329/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3411/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3412/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4021/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4022/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4024/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4026/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4116/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4148/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4598/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4599/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4600/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4601/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4602/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4603/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4643/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4644/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5161/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5589/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5590/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6831/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6833/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6837/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6838/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7803/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8838/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8866/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8867/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8873/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8874/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8879/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3141/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3142/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3185/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4070/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4073/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4342/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4346/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4538/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4539/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4540/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4541/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4543/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4544/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5093/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5094/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5095/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5096/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5114/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161638-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc947fb9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP2-LTSS :
    
    zypper in -t patch slessp2-php53-12621=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"2", reference:"apache2-mod_php53-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-bcmath-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-bz2-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-calendar-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ctype-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-curl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-dba-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-dom-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-exif-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-fastcgi-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-fileinfo-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ftp-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gd-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gettext-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gmp-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-iconv-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-intl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-json-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ldap-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mbstring-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mcrypt-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mysql-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-odbc-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-openssl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pcntl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pdo-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pear-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pgsql-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pspell-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-shmop-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-snmp-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-soap-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-suhosin-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvmsg-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvsem-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvshm-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-tokenizer-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-wddx-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlreader-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlrpc-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlwriter-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xsl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-zip-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-zlib-5.3.17-47.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3D675519565411E59AD814DAE9D210B8.NASL
    descriptionPHP reports : - Core : - Fixed bug #70172 (Use After Free Vulnerability in unserialize()). - Fixed bug #70219 (Use after free vulnerability in session deserializer). - EXIF : - Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). - hash : - Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). - PCRE : - Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). - SOAP : - Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). - SPL : - Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). - Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). - XSLT : - Fixed bug #69782 (NULL pointer dereference). - ZIP : - Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
    last seen2020-06-01
    modified2020-06-02
    plugin id85859
    published2015-09-09
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85859
    titleFreeBSD : php -- multiple vulnerabilities (3d675519-5654-11e5-9ad8-14dae9d210b8)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85859);
      script_version("2.7");
      script_cvs_date("Date: 2018/11/10 11:49:44");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
    
      script_name(english:"FreeBSD : php -- multiple vulnerabilities (3d675519-5654-11e5-9ad8-14dae9d210b8)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "PHP reports :
    
    - Core :
    
    - Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
    
    - Fixed bug #70219 (Use after free vulnerability in session
    deserializer).
    
    - EXIF :
    
    - Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD
    tag byte value of 32 bytes).
    
    - hash :
    
    - Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
    
    - PCRE :
    
    - Fixed bug #70345 (Multiple vulnerabilities related to PCRE
    functions).
    
    - SOAP :
    
    - Fixed bug #70388 (SOAP serialize_function_call() type confusion /
    RCE).
    
    - SPL :
    
    - Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
    SplObjectStorage).
    
    - Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
    SplDoublyLinkedList).
    
    - XSLT :
    
    - Fixed bug #69782 (NULL pointer dereference).
    
    - ZIP :
    
    - Fixed bug #70350 (ZipArchive::extractTo allows for directory
    traversal when creating directories)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://php.net/ChangeLog-5.php#5.4.45"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://php.net/ChangeLog-5.php#5.5.29"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://php.net/ChangeLog-5.php#5.6.13"
      );
      # https://vuxml.freebsd.org/freebsd/3d675519-5654-11e5-9ad8-14dae9d210b8.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?27403633"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php56");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php56-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php56-xsl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"php5<5.4.45")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php5-soap<5.4.45")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php5-xsl<5.4.45")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php55<5.5.29")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php55-soap<5.5.29")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php55-xsl<5.5.29")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php56<5.6.13")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php56-soap<5.6.13")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php56-xsl<5.6.13")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-670.NASL
    descriptionA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837 , CVE-2015-6838) A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)
    last seen2020-06-01
    modified2020-06-02
    plugin id89967
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89967
    titleAmazon Linux AMI : php54 (ALAS-2016-670)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-670.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89967);
      script_version("2.4");
      script_cvs_date("Date: 2019/04/11 17:23:06");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
      script_xref(name:"ALAS", value:"2016-670");
    
      script_name(english:"Amazon Linux AMI : php54 (ALAS-2016-670)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A NULL pointer dereference flaw was found in the XSLTProcessor class
    in PHP. An attacker could use this flaw to cause a PHP application to
    crash if it performed Extensible Stylesheet Language (XSL)
    transformations using untrusted XSLT files and allowed the use of PHP
    functions to be used as XSLT functions within XSL stylesheets.
    (CVE-2015-6837 , CVE-2015-6838)
    
    A flaw was discovered in the way PHP performed object unserialization.
    Specially crafted input processed by the unserialize() function could
    cause a PHP application to crash or, possibly, execute arbitrary code.
    (CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-670.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php54' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php54-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-cli-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-common-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-dba-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-devel-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-gd-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-imap-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-intl-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-process-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-recode-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-soap-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-xml-5.4.45-1.75.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.45-1.75.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1633-1.NASL
    descriptionThis update of PHP5 brings several security fixes. Security fixes : - CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] - CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] - CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] - CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] - CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] - CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Bugfixes : - Compare with SQL_NULL_DATA correctly [bnc#935074] - If MD5 was disabled in net-snmp we have to disable the used MD5 function in ext/snmp/snmp.c as well. (bsc#944302) Also the Suhosin framework was updated to 0.9.38. [fate#319325] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119971
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119971
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1633-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119971);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
    
      script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of PHP5 brings several security fixes.
    
    Security fixes :
    
      - CVE-2015-6831: A use after free vulnerability in
        unserialize() has been fixed which could be used to
        crash php or potentially execute code. [bnc#942291]
        [bnc#942294] [bnc#942295]
    
      - CVE-2015-6832: A dangling pointer in the unserialization
        of ArrayObject items could be used to crash php or
        potentially execute code. [bnc#942293]
    
      - CVE-2015-6833: A directory traversal when extracting ZIP
        files could be used to overwrite files outside of
        intended area. [bnc#942296]
    
      - CVE-2015-6834: A Use After Free Vulnerability in
        unserialize() has been fixed which could be used to
        crash php or potentially execute code. [bnc#945403]
    
      - CVE-2015-6835: A Use After Free Vulnerability in session
        unserialize() has been fixed which could be used to
        crash php or potentially execute code. [bnc#945402]
    
      - CVE-2015-6836: A SOAP serialize_function_call() type
        confusion leading to remote code execution problem was
        fixed. [bnc#945428]
    
      - CVE-2015-6837 CVE-2015-6838: Two NULL pointer
        dereferences in the XSLTProcessor class were fixed.
        [bnc#945412]
    
    Bugfixes :
    
      - Compare with SQL_NULL_DATA correctly [bnc#935074]
    
      - If MD5 was disabled in net-snmp we have to disable the
        used MD5 function in ext/snmp/snmp.c as well.
        (bsc#944302)
    
    Also the Suhosin framework was updated to 0.9.38. [fate#319325]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=944302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6831/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6832/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6833/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6834/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6837/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6838/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151633-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?297d28d0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-603=1
    
    SUSE Linux Enterprise Module for Web Scripting 12 :
    
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-603=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6836");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-36.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-36.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1818-1.NASL
    descriptionThis update of PHP5 brings several security fixes. Security fixes : - CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] - CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] It also includes a bugfix for the odbc module : - compare with SQL_NULL_DATA correctly [bnc#935074] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86616
    published2015-10-27
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86616
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2015:1818-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1818-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86616);
      script_version("2.9");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
    
      script_name(english:"SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1818-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of PHP5 brings several security fixes.
    
    Security fixes :
    
      - CVE-2015-6831: A use after free vulnerability in
        unserialize() has been fixed which could be used to
        crash php or potentially execute code. [bnc#942291]
        [bnc#942294] [bnc#942295]
    
      - CVE-2015-6836: A SOAP serialize_function_call() type
        confusion leading to remote code execution problem was
        fixed. [bnc#945428]
    
      - CVE-2015-6837 CVE-2015-6838: Two NULL pointer
        dereferences in the XSLTProcessor class were fixed.
        [bnc#945412]
    
    It also includes a bugfix for the odbc module :
    
      - compare with SQL_NULL_DATA correctly [bnc#935074]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6831/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6833/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6837/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6838/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151818-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?db1bd10e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4 :
    
    zypper in -t patch sdksp4-php53-12163=1
    
    SUSE Linux Enterprise Software Development Kit 11-SP3 :
    
    zypper in -t patch sdksp3-php53-12163=1
    
    SUSE Linux Enterprise Server for VMWare 11-SP3 :
    
    zypper in -t patch slessp3-php53-12163=1
    
    SUSE Linux Enterprise Server 11-SP4 :
    
    zypper in -t patch slessp4-php53-12163=1
    
    SUSE Linux Enterprise Server 11-SP3 :
    
    zypper in -t patch slessp3-php53-12163=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4 :
    
    zypper in -t patch dbgsp4-php53-12163=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3 :
    
    zypper in -t patch dbgsp3-php53-12163=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-mod_php53-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bcmath-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bz2-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-calendar-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ctype-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-curl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dba-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dom-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-exif-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fastcgi-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fileinfo-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ftp-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gd-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gettext-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gmp-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-iconv-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-intl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-json-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ldap-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mbstring-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mcrypt-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mysql-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-odbc-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-openssl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pcntl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pdo-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pear-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pgsql-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pspell-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-shmop-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-snmp-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-soap-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-suhosin-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvmsg-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvsem-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvshm-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-tokenizer-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-wddx-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlreader-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlrpc-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlwriter-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xsl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zip-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zlib-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-mod_php53-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bcmath-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bz2-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-calendar-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ctype-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-curl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dba-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dom-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-exif-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fastcgi-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fileinfo-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ftp-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gd-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gettext-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gmp-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-iconv-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-intl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-json-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ldap-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mbstring-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mcrypt-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mysql-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-odbc-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-openssl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pcntl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pdo-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pear-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pgsql-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pspell-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-shmop-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-snmp-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-soap-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-suhosin-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvmsg-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvsem-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvshm-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-tokenizer-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-wddx-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlreader-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlrpc-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlwriter-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xsl-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zip-5.3.17-48.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zlib-5.3.17-48.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-14978.NASL
    description03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb) - Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com) **MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol) **Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski) **SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas) **SPL:** * Fixed bug #70290 (NULL pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782 (NULL pointer dereference). (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-21
    plugin id86030
    published2015-09-21
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86030
    titleFedora 23 : php-5.6.13-1.fc23 (2015-14978)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-14978.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86030);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
      script_xref(name:"FEDORA", value:"2015-14978");
    
      script_name(english:"Fedora 23 : php-5.6.13-1.fc23 (2015-14978)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long
    timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST
    data). (cmb) * Fixed bug #70198 (Checking liveness does not work as
    expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use
    After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219
    (Use after free vulnerability in session deserializer). (taoguangchen
    at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets
    HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug
    #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug
    #70266 (DateInterval::__construct.interval_spec is not supposed to be
    optional). (cmb)
    
      - Fixed bug #70277 (new DateTimeZone($foo) is ignoring
        text after null byte). (cmb) **EXIF:** * Fixed bug
        #70385 (Buffer over-read in exif_read_data with TIFF IFD
        tag byte value of 32 bytes). (Stas) **hash:** * Fixed
        bug #70312 (HAVAL gives wrong hashes in specific cases).
        (letsgolee at naver dot com) **MCrypt:** * Fixed bug
        #69833 (mcrypt fd caching not working). (Anatol)
        **Opcache:** * Fixed bug #70237 (Empty while and
        do-while segmentation fault with opcode on CLI enabled).
        (Dmitry, Laruence) **PCRE:** * Fixed bug #70232
        (Incorrect bump-along behavior with \K and empty string
        match). (cmb) * Fixed bug #70345 (Multiple
        vulnerabilities related to PCRE functions). (Anatol
        Belski) **SOAP:** * Fixed bug #70388 (SOAP
        serialize_function_call() type confusion / RCE). (Stas)
        **SPL:** * Fixed bug #70290 (NULL pointer deref
        (segfault) in spl_autoload via ob_start). (hugh at
        allthethings dot co dot nz) * Fixed bug #70303
        (Incorrect constructor reflection for ArrayObject).
        (cmb) * Fixed bug #70365 (Use-after-free vulnerability
        in unserialize() with SplObjectStorage). (taoguangchen
        at icloud dot com) * Fixed bug #70366 (Use-after-free
        vulnerability in unserialize() with
        SplDoublyLinkedList). (taoguangchen at icloud dot com)
        **Standard:** * Fixed bug #70052 (getimagesize() fails
        for very large and very small WBMP). (cmb) * Fixed bug
        #70157 (parse_ini_string() segmentation fault with
        INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782
        (NULL pointer dereference). (Stas)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260748"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166632.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bfa72a25"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"php-5.6.13-1.fc23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-609.NASL
    descriptionThe PHP5 script interpreter was updated to fix various security issues : - CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] - CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] - CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] - CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] - CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] - CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412]
    last seen2020-06-05
    modified2015-09-28
    plugin id86183
    published2015-09-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86183
    titleopenSUSE Security Update : php5 (openSUSE-2015-609)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-609.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86183);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2015-609)");
      script_summary(english:"Check for the openSUSE-2015-609 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PHP5 script interpreter was updated to fix various security 
    issues :
    
      - CVE-2015-6831: A use after free vulnerability in
        unserialize() has been fixed which could be used to
        crash php or potentially execute code. [bnc#942291]
        [bnc#942294] [bnc#942295]
    
      - CVE-2015-6832: A dangling pointer in the unserialization
        of ArrayObject items could be used to crash php or
        potentially execute code. [bnc#942293]
    
      - CVE-2015-6833: A directory traversal when extracting ZIP
        files could be used to overwrite files outside of
        intended area. [bnc#942296]
    
      - CVE-2015-6834: A Use After Free Vulnerability in
        unserialize() has been fixed which could be used to
        crash php or potentially execute code. [bnc#945403] 
    
      - CVE-2015-6835: A Use After Free Vulnerability in session
        unserialize() has been fixed which could be used to
        crash php or potentially execute code. [bnc#945402]
    
      - CVE-2015-6836: A SOAP serialize_function_call() type
        confusion leading to remote code execution problem was
        fixed. [bnc#945428]
    
      - CVE-2015-6837 CVE-2015-6838: Two NULL pointer
        dereferences in the XSLTProcessor class were fixed.
        [bnc#945412]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=942291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=942293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=942294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=942295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=942296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=945402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=945403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=945412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=945428"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-debugsource-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-devel-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-json-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-json-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pear-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-debuginfo-5.4.20-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debugsource-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-devel-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pear-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-debuginfo-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-5.6.1-36.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-debuginfo-5.6.1-36.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL17377.NASL
    descriptionUse after free vulnerability was found in unserialize() function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize() will still allow to use R: or r: to set references to that already freed memory. It is possible to use-after-free attack and execute arbitrary code remotely.
    last seen2020-06-01
    modified2020-06-02
    plugin id91433
    published2016-06-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91433
    titleF5 Networks BIG-IP : PHP vulnerabilities (SOL17377)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution SOL17377.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91433);
      script_version("2.6");
      script_cvs_date("Date: 2019/04/11 17:23:06");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
    
      script_name(english:"F5 Networks BIG-IP : PHP vulnerabilities (SOL17377)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Use after free vulnerability was found in unserialize() function. We
    can create ZVAL and free it via Serializable::unserialize. However the
    unserialize() will still allow to use R: or r: to set references to
    that already freed memory. It is possible to use-after-free attack and
    execute arbitrary code remotely."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K17377"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution SOL17377."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "SOL17377";
    vmatrix = make_array();
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("12.0.0","11.6.0","11.3.0-11.5.3");
    vmatrix["AFM"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("12.0.0","11.6.0","11.4.0-11.5.3");
    vmatrix["AM"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("12.0.0","11.6.0","11.0.0-11.5.3","10.1.0-10.2.4");
    vmatrix["APM"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("12.0.0","11.6.0","11.0.0-11.5.3","10.1.0-10.2.4");
    vmatrix["ASM"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("12.0.0","11.6.0","11.0.0-11.5.3");
    vmatrix["AVR"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("11.6.0","11.0.0-11.5.3","10.1.0-10.2.4");
    vmatrix["GTM"]["unaffected"] = make_list("11.6.1","11.5.4");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("12.0.0","11.6.0","11.0.0-11.5.3","10.1.0-10.2.4");
    vmatrix["LC"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("12.0.0","11.6.0","11.0.0-11.5.3","10.1.0-10.2.4");
    vmatrix["LTM"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("12.0.0","11.6.0","11.3.0-11.5.3");
    vmatrix["PEM"]["unaffected"] = make_list("12.1.0","11.6.1","11.5.4");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1701-1.NASL
    descriptionThe PHP5 script interpreter was updated to fix security issues : - CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86340
    published2015-10-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86340
    titleSUSE SLES11 Security Update : php5 (SUSE-SU-2015:1701-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1701-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86340);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
    
      script_name(english:"SUSE SLES11 Security Update : php5 (SUSE-SU-2015:1701-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PHP5 script interpreter was updated to fix security issues :
    
      - CVE-2015-6836: A SOAP serialize_function_call() type
        confusion leading to remote code execution problem was
        fixed. [bnc#945428]
    
      - CVE-2015-6837 CVE-2015-6838: Two NULL pointer
        dereferences in the XSLTProcessor class were fixed.
        [bnc#945412]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6837/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6838/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151701-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?28669fc0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP2-LTSS :
    
    zypper in -t patch slessp2-php5-12121=1
    
    SUSE Linux Enterprise Debuginfo 11-SP2 :
    
    zypper in -t patch dbgsp2-php5-12121=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dbase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-hash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"2", reference:"apache2-mod_php5-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-bcmath-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-bz2-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-calendar-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-ctype-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-curl-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-dba-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-dbase-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-dom-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-exif-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-fastcgi-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-ftp-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-gd-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-gettext-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-gmp-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-hash-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-iconv-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-json-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-ldap-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-mbstring-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-mcrypt-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-mysql-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-odbc-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-openssl-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-pcntl-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-pdo-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-pear-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-pgsql-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-pspell-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-shmop-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-snmp-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-soap-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-suhosin-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-sysvmsg-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-sysvsem-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-sysvshm-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-tokenizer-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-wddx-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-xmlreader-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-xmlrpc-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-xmlwriter-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-xsl-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-zip-5.2.14-0.7.30.72.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php5-zlib-5.2.14-0.7.30.72.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2758-1.NASL
    descriptionIt was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-5589) It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5590) Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6831, CVE-2015-6834, CVE-2015-6835 Sean Heelan discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6832) It was discovered that the PHP phar extension incorrectly handled certain archives. A remote attacker could use this issue to cause files to be placed outside of the destination directory. (CVE-2015-6833) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6836) It was discovered that the PHP XSLTProcessor class incorrectly handled certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-6837). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86221
    published2015-10-01
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86221
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : php5 vulnerabilities (USN-2758-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2758-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86221);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
      script_xref(name:"USN", value:"2758-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : php5 vulnerabilities (USN-2758-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the PHP phar extension incorrectly handled
    certain files. A remote attacker could use this issue to cause PHP to
    crash, resulting in a denial of service. (CVE-2015-5589)
    
    It was discovered that the PHP phar extension incorrectly handled
    certain filepaths. A remote attacker could use this issue to cause PHP
    to crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2015-5590)
    
    Taoguang Chen discovered that PHP incorrectly handled unserializing
    objects. A remote attacker could use this issue to cause PHP to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2015-6831, CVE-2015-6834, CVE-2015-6835
    
    Sean Heelan discovered that PHP incorrectly handled unserializing
    objects. A remote attacker could use this issue to cause PHP to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2015-6832)
    
    It was discovered that the PHP phar extension incorrectly handled
    certain archives. A remote attacker could use this issue to cause
    files to be placed outside of the destination directory.
    (CVE-2015-6833)
    
    Andrea Palazzo discovered that the PHP Soap client incorrectly
    validated data types. A remote attacker could use this issue to cause
    PHP to crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2015-6836)
    
    It was discovered that the PHP XSLTProcessor class incorrectly handled
    certain data. A remote attacker could use this issue to cause PHP to
    crash, resulting in a denial of service. (CVE-2015-6837).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2758-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libapache2-mod-php5", pkgver:"5.3.10-1ubuntu3.20")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cgi", pkgver:"5.3.10-1ubuntu3.20")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cli", pkgver:"5.3.10-1ubuntu3.20")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-fpm", pkgver:"5.3.10-1ubuntu3.20")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libapache2-mod-php5", pkgver:"5.5.9+dfsg-1ubuntu4.13")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cgi", pkgver:"5.5.9+dfsg-1ubuntu4.13")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cli", pkgver:"5.5.9+dfsg-1ubuntu4.13")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-fpm", pkgver:"5.5.9+dfsg-1ubuntu4.13")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libapache2-mod-php5", pkgver:"5.6.4+dfsg-4ubuntu6.3")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"php5-cgi", pkgver:"5.6.4+dfsg-4ubuntu6.3")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"php5-cli", pkgver:"5.6.4+dfsg-4ubuntu6.3")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"php5-fpm", pkgver:"5.6.4+dfsg-4ubuntu6.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_5_29.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.29. It is, therefore, affected by the following vulnerabilities : - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c could allow a remote attacker to create arbitrary empty directories via a crafted ZIP archive. (CVE-2014-9767) - Multiple use-after-free memory errors exist related to the unserialize() function. A remote attacker can exploit these errors to execute arbitrary code. (CVE-2015-6834) - A use-after-free memory error exists related to the php_var_unserialize() function. A remote attacker, using a crafted serialize string, can exploit this to execute arbitrary code. (CVE-2015-6835) - A type confusion error exists related to the serialize_function_call() function due to improper validation of the headers field. A remote attacker can exploit this to have unspecified impact. (CVE-2015-6836) - Multiple flaws exist in the XSLTProcessor class due to improper validation of input from the libxslt library. A remote attacker can exploit thse flaws to have an unspecified impact. (CVE-2015-6837, CVE-2015-6838) - A flaw exists in the php_zip_extract_file() function in file php_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to create arbitrary directories outside of the restricted path. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id85886
    published2015-09-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85886
    titlePHP 5.5.x < 5.5.29 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85886);
      script_version("1.18");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2014-9767",
        "CVE-2015-6834",
        "CVE-2015-6835",
        "CVE-2015-6836",
        "CVE-2015-6837",
        "CVE-2015-6838"
      );
      script_bugtraq_id(
        76644,
        76649,
        76652,
        76733,
        76734,
        76738
      );
    
      script_name(english:"PHP 5.5.x < 5.5.29 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 5.5.x prior to 5.5.29. It is, therefore, affected by the
    following vulnerabilities :
    
      - A directory traversal vulnerability in the
        ZipArchive::extractTo function in ext/zip/php_zip.c
        could allow a remote attacker to create arbitrary
        empty directories via a crafted ZIP archive.
        (CVE-2014-9767)
    
      - Multiple use-after-free memory errors exist related to
        the unserialize() function. A remote attacker can
        exploit these errors to execute arbitrary code.
        (CVE-2015-6834)
    
      - A use-after-free memory error exists related to the
        php_var_unserialize() function. A remote attacker, using
        a crafted serialize string, can exploit this to execute
        arbitrary code. (CVE-2015-6835)
    
      - A type confusion error exists related to the
        serialize_function_call() function due to improper
        validation of the headers field. A remote attacker can
        exploit this to have unspecified impact. (CVE-2015-6836)
    
      - Multiple flaws exist in the XSLTProcessor class due to
        improper validation of input from the libxslt library. A
        remote attacker can exploit thse flaws to have an
        unspecified impact. (CVE-2015-6837, CVE-2015-6838)
    
      - A flaw exists in the php_zip_extract_file() function
        in file php_zip.c due to improper sanitization of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to create arbitrary directories outside
        of the restricted path.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.5.29");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.5.29 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6836");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/10");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.5)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.5\.") audit(AUDIT_NOT_DETECT, "PHP version 5.5.x", port);
    
    if (version =~ "^5\.5\.([0-9]|1[0-9]|2[0-8])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 5.5.29' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-14977.NASL
    description03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb) - Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com) **MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol) **Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski) **SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas) **SPL:** * Fixed bug #70290 (NULL pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782 (NULL pointer dereference). (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-15
    plugin id85934
    published2015-09-15
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85934
    titleFedora 22 : php-5.6.13-1.fc22 (2015-14977)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-14977.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85934);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
      script_xref(name:"FEDORA", value:"2015-14977");
    
      script_name(english:"Fedora 22 : php-5.6.13-1.fc22 (2015-14977)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long
    timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST
    data). (cmb) * Fixed bug #70198 (Checking liveness does not work as
    expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use
    After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219
    (Use after free vulnerability in session deserializer). (taoguangchen
    at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets
    HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug
    #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug
    #70266 (DateInterval::__construct.interval_spec is not supposed to be
    optional). (cmb)
    
      - Fixed bug #70277 (new DateTimeZone($foo) is ignoring
        text after null byte). (cmb) **EXIF:** * Fixed bug
        #70385 (Buffer over-read in exif_read_data with TIFF IFD
        tag byte value of 32 bytes). (Stas) **hash:** * Fixed
        bug #70312 (HAVAL gives wrong hashes in specific cases).
        (letsgolee at naver dot com) **MCrypt:** * Fixed bug
        #69833 (mcrypt fd caching not working). (Anatol)
        **Opcache:** * Fixed bug #70237 (Empty while and
        do-while segmentation fault with opcode on CLI enabled).
        (Dmitry, Laruence) **PCRE:** * Fixed bug #70232
        (Incorrect bump-along behavior with \K and empty string
        match). (cmb) * Fixed bug #70345 (Multiple
        vulnerabilities related to PCRE functions). (Anatol
        Belski) **SOAP:** * Fixed bug #70388 (SOAP
        serialize_function_call() type confusion / RCE). (Stas)
        **SPL:** * Fixed bug #70290 (NULL pointer deref
        (segfault) in spl_autoload via ob_start). (hugh at
        allthethings dot co dot nz) * Fixed bug #70303
        (Incorrect constructor reflection for ArrayObject).
        (cmb) * Fixed bug #70365 (Use-after-free vulnerability
        in unserialize() with SplObjectStorage). (taoguangchen
        at icloud dot com) * Fixed bug #70366 (Use-after-free
        vulnerability in unserialize() with
        SplDoublyLinkedList). (taoguangchen at icloud dot com)
        **Standard:** * Fixed bug #70052 (getimagesize() fails
        for very large and very small WBMP). (cmb) * Fixed bug
        #70157 (parse_ini_string() segmentation fault with
        INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782
        (NULL pointer dereference). (Stas)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1260748"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166357.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a6eb2851"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"php-5.6.13-1.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3358.NASL
    descriptionSeveral vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to new upstream versions (5.4.45 and 5.6.13), which include additional bug fixes. Please refer to the upstream changelog for more information : - https://php.net/ChangeLog-5.php#5.4.45 - https://php.net/ChangeLog-5.php#5.6.13
    last seen2020-06-01
    modified2020-06-02
    plugin id85914
    published2015-09-14
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85914
    titleDebian DSA-3358-1 : php5 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3358. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85914);
      script_version("2.13");
      script_cvs_date("Date: 2018/12/18 10:18:58");
    
      script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
      script_xref(name:"DSA", value:"3358");
    
      script_name(english:"Debian DSA-3358-1 : php5 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were found in PHP, a general-purpose scripting
    language commonly used for web application development.
    
    The vulnerabilities are addressed by upgrading PHP to new upstream
    versions (5.4.45 and 5.6.13), which include additional bug fixes.
    Please refer to the upstream changelog for more information :
    
      - https://php.net/ChangeLog-5.php#5.4.45
      - https://php.net/ChangeLog-5.php#5.6.13"
      );
      # https://php.net/ChangeLog-5.php#5.4.45
      script_set_attribute(
        attribute:"see_also",
        value:"https://secure.php.net/ChangeLog-5.php#5.4.45"
      );
      # https://php.net/ChangeLog-5.php#5.6.13
      script_set_attribute(
        attribute:"see_also",
        value:"https://secure.php.net/ChangeLog-5.php#5.6.13"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/php5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/php5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3358"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the php5 packages.
    
    For the oldstable distribution (wheezy), these problems have been
    fixed in version 5.4.45-0+deb7u1.
    
    
    For the stable distribution (jessie), these problems have been fixed
    in version 5.6.13+dfsg-0+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libapache2-mod-php5", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libapache2-mod-php5filter", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libphp5-embed", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php-pear", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-cgi", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-cli", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-common", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-curl", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-dbg", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-dev", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-enchant", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-fpm", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-gd", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-gmp", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-imap", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-interbase", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-intl", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-ldap", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-mcrypt", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-mysql", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-mysqlnd", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-odbc", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-pgsql", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-pspell", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-recode", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-snmp", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-sqlite", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-sybase", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-tidy", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-xmlrpc", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-xsl", reference:"5.4.45-0+deb7u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libapache2-mod-php5", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libapache2-mod-php5filter", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libphp5-embed", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php-pear", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-cgi", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-cli", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-common", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-curl", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-dbg", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-dev", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-enchant", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-fpm", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-gd", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-gmp", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-imap", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-interbase", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-intl", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-ldap", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-mcrypt", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-mysql", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-mysqlnd", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-odbc", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-pgsql", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-phpdbg", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-pspell", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-readline", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-recode", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-snmp", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-sqlite", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-sybase", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-tidy", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-xmlrpc", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"php5-xsl", reference:"5.6.13+dfsg-0+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_11_1.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework (CVE-2015-5940) - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838) - ATS (CVE-2015-6985) - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003) - Bom (CVE-2015-7006) - CFNetwork (CVE-2015-7023) - configd (CVE-2015-7015) - CoreGraphics (CVE-2015-5925, CVE-2015-5926) - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017) - Directory Utility (CVE-2015-6980) - Disk Images (CVE-2015-6995) - EFI (CVE-2015-7035) - File Bookmark (CVE-2015-6987) - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018) - Grand Central Dispatch (CVE-2015-6989) - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021) - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939) - IOAcceleratorFamily (CVE-2015-6996) - IOHIDFamily (CVE-2015-6974) - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994) - libarchive (CVE-2015-6984) - MCX Application Restrictions (CVE-2015-7016) - Net-SNMP (CVE-2014-3565, CVE-2012-6151) - OpenGL (CVE-2015-5924) - OpenSSH (CVE-2015-6563) - Sandbox (CVE-2015-5945) - Script Editor (CVE-2015-7007) - Security (CVE-2015-6983, CVE-2015-7024) - SecurityAgent (CVE-2015-5943) Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id86654
    published2015-10-29
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86654
    titleMac OS X < 10.11.1 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idPHP_5_5_28.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.28. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist in spl_array.c, spl_observer.c, and spl_dllist.c due to improper sanitization of input to the unserialize() function. An attacker can exploit these issues, by using a specially crafted SplDoublyLinkedList, SplArrayObject, or SplObjectStorage object, to deference freed memory and thus execute arbitrary code. (CVE-2015-6831) - A dangling pointer error exists in file spl_array.c due to improper sanitization of input to the unserialize() function. An attacker can exploit this, by using a specially crafted SplDoublyLinkedList object, to gain control over a deallocated pointer and thus execute arbitrary code. (CVE-2015-6832) - A path traversal flaw exists in file phar_object.c due to improper sanitization of user-supplied input. An attacker can exploit this to write arbitrary files. (CVE-2015-6833) - A type confusion flaw exists in the serialize_function_call() function in soap.c due to improper validation of input passed via the header field. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-6836) - Multiple type confusion flaws exist in the _call() method in file php_http.c when handling calls for zend_hash_get_current_key or
    last seen2020-06-01
    modified2020-06-02
    plugin id85299
    published2015-08-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85299
    titlePHP 5.5.x < 5.5.28 Multiple Vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-602.NASL
    descriptionAs reported upstream, A NULL pointer dereference flaw was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id86496
    published2015-10-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86496
    titleAmazon Linux AMI : php55 (ALAS-2015-602)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1543.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2014-8142) - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4026) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6834) - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4025) - An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.(CVE-2014-3669) - It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-2348) - An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id124996
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124996
    titleEulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1543)
  • NASL familyCGI abuses
    NASL idPHP_5_4_45.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.4.x prior to 5.4.45. It is, therefore, affected by the following vulnerabilities : - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c could allow a remote attacker to create arbitrary empty directories via a crafted ZIP archive. (CVE-2014-9767) - Multiple use-after-free memory errors exist related to the unserialize() function. A remote attacker can exploit these errors to execute arbitrary code. (CVE-2015-6834) - A use-after-free memory error exists related to the php_var_unserialize() function. A remote attacker, using a crafted serialize string, can exploit this to execute arbitrary code. (CVE-2015-6835) - A type confusion error exists related to the serialize_function_call() function due to improper validation of the headers field. A remote attacker can exploit this to have unspecified impact. (CVE-2015-6836) - Multiple flaws exist in the XSLTProcessor class due to improper validation of input from the libxslt library. A remote attacker can exploit thse flaws to have an unspecified impact. (CVE-2015-6837, CVE-2015-6838) - A flaw exists in the php_zip_extract_file() function in file php_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to create arbitrary directories outside of the restricted path. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id85885
    published2015-09-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85885
    titlePHP 5.4.x < 5.4.45 Multiple Vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-601.NASL
    descriptionAs reported upstream, A NULL pointer dereference flaw was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id86495
    published2015-10-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86495
    titleAmazon Linux AMI : php56 (ALAS-2015-601)

Redhat

rpms
  • rh-php56-php-0:5.6.5-8.el6
  • rh-php56-php-0:5.6.5-8.el7
  • rh-php56-php-bcmath-0:5.6.5-8.el6
  • rh-php56-php-bcmath-0:5.6.5-8.el7
  • rh-php56-php-cli-0:5.6.5-8.el6
  • rh-php56-php-cli-0:5.6.5-8.el7
  • rh-php56-php-common-0:5.6.5-8.el6
  • rh-php56-php-common-0:5.6.5-8.el7
  • rh-php56-php-dba-0:5.6.5-8.el6
  • rh-php56-php-dba-0:5.6.5-8.el7
  • rh-php56-php-dbg-0:5.6.5-8.el6
  • rh-php56-php-dbg-0:5.6.5-8.el7
  • rh-php56-php-debuginfo-0:5.6.5-8.el6
  • rh-php56-php-debuginfo-0:5.6.5-8.el7
  • rh-php56-php-devel-0:5.6.5-8.el6
  • rh-php56-php-devel-0:5.6.5-8.el7
  • rh-php56-php-embedded-0:5.6.5-8.el6
  • rh-php56-php-embedded-0:5.6.5-8.el7
  • rh-php56-php-enchant-0:5.6.5-8.el6
  • rh-php56-php-enchant-0:5.6.5-8.el7
  • rh-php56-php-fpm-0:5.6.5-8.el6
  • rh-php56-php-fpm-0:5.6.5-8.el7
  • rh-php56-php-gd-0:5.6.5-8.el6
  • rh-php56-php-gd-0:5.6.5-8.el7
  • rh-php56-php-gmp-0:5.6.5-8.el6
  • rh-php56-php-gmp-0:5.6.5-8.el7
  • rh-php56-php-imap-0:5.6.5-8.el6
  • rh-php56-php-intl-0:5.6.5-8.el6
  • rh-php56-php-intl-0:5.6.5-8.el7
  • rh-php56-php-ldap-0:5.6.5-8.el6
  • rh-php56-php-ldap-0:5.6.5-8.el7
  • rh-php56-php-mbstring-0:5.6.5-8.el6
  • rh-php56-php-mbstring-0:5.6.5-8.el7
  • rh-php56-php-mysqlnd-0:5.6.5-8.el6
  • rh-php56-php-mysqlnd-0:5.6.5-8.el7
  • rh-php56-php-odbc-0:5.6.5-8.el6
  • rh-php56-php-odbc-0:5.6.5-8.el7
  • rh-php56-php-opcache-0:5.6.5-8.el6
  • rh-php56-php-opcache-0:5.6.5-8.el7
  • rh-php56-php-pdo-0:5.6.5-8.el6
  • rh-php56-php-pdo-0:5.6.5-8.el7
  • rh-php56-php-pgsql-0:5.6.5-8.el6
  • rh-php56-php-pgsql-0:5.6.5-8.el7
  • rh-php56-php-process-0:5.6.5-8.el6
  • rh-php56-php-process-0:5.6.5-8.el7
  • rh-php56-php-pspell-0:5.6.5-8.el6
  • rh-php56-php-pspell-0:5.6.5-8.el7
  • rh-php56-php-recode-0:5.6.5-8.el6
  • rh-php56-php-recode-0:5.6.5-8.el7
  • rh-php56-php-snmp-0:5.6.5-8.el6
  • rh-php56-php-snmp-0:5.6.5-8.el7
  • rh-php56-php-soap-0:5.6.5-8.el6
  • rh-php56-php-soap-0:5.6.5-8.el7
  • rh-php56-php-tidy-0:5.6.5-8.el6
  • rh-php56-php-xml-0:5.6.5-8.el6
  • rh-php56-php-xml-0:5.6.5-8.el7
  • rh-php56-php-xmlrpc-0:5.6.5-8.el6
  • rh-php56-php-xmlrpc-0:5.6.5-8.el7