Vulnerabilities > CVE-2015-8874 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
opensuse
php
CWE-119
nessus

Summary

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

Vulnerable Configurations

Part Description Count
OS
Opensuse
1
Application
Php
762

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyCGI abuses
    NASL idPHP_7_0_0.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.x prior to 7.0.0. It is, therefore, affected by the following vulnerabilities: - A directory traversal vulnerability in the ZipArchive::extractTo function of ext/zip/php_zip.c script. An unauthenticated, remote attacker can exploit this, by sending a crafted ZIP archive with empty directories, to disclose the contents of files located outside of the server
    last seen2020-06-01
    modified2020-06-02
    plugin id122536
    published2019-03-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122536
    titlePHP 7.0.x < 7.0.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122536);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/31 15:18:51");
    
      script_cve_id(
        "CVE-2014-9767",
        "CVE-2015-8867",
        "CVE-2015-8874",
        "CVE-2015-8879"
      );
      script_bugtraq_id(
        76652,
        87481,
        90714,
        90842
      );
    
      script_name(english:"PHP 7.0.x < 7.0.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by 
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 7.x prior to 7.0.0. It is, therefore, affected by the
    following vulnerabilities:
    
      - A directory traversal vulnerability in the
        ZipArchive::extractTo function of ext/zip/php_zip.c
        script. An unauthenticated, remote attacker can exploit
        this, by sending a crafted ZIP archive with empty
        directories, to disclose the contents of files located
        outside of the server's restricted path. (CVE-2014-9767)
    
      - The openssl_random_pseudo_bytes() function in file
        openssl.c does not generate sufficiently random numbers.
        This allows an attacker to more easily predict the
        results, thus allowing further attacks to be carried
        out. (CVE-2015-8867)
    
      - A denial of service (DoS) vulnerability exists in the GD
        graphics library in the gdImageFillToBorder() function
        within file gd.c when handling crafted images that have
        an overly large negative coordinate. An unauthenticated,
        remote attacker can exploit this, via a crafted image,
        to crash processes linked against the library.
        (CVE-2015-8874)
    
      - A denial of service (DoS) vulnerability exists in
        odbc_bindcols function of the ext/odbc/php_odbc.c script
        due to mishandling driver behavior for SQL_WVARCHAR
        columns. An unauthenticated, remote attacker can exploit
        this issue, via the use of odbc_fetch_array function, to
        cause the application to stop responding. (CVE-2015-8879)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.0.0");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 7.0.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8867");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/01");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    vcf::php::initialize();
    
    port = get_http_port(default:80, php:TRUE);
    
    app_info = vcf::php::get_app_info(port:port);
    
    constraints = [
      { "min_version" : "7.0.0alpha0", "fixed_version" : "7.0.0" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-728.NASL
    descriptionA stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. (CVE-2015-8874) An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id92663
    published2016-08-02
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92663
    titleAmazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-728.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92663);
      script_version("2.9");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2015-8874", "CVE-2016-5385", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773");
      script_xref(name:"ALAS", value:"2016-728");
    
      script_name(english:"Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A stack consumption vulnerability in GD in PHP allows remote attackers
    to cause a denial of service via a crafted imagefilltoborder call.
    (CVE-2015-8874)
    
    An integer overflow, leading to a heap-based buffer overflow was found
    in the imagecreatefromgd2() function of PHP's gd extension. A remote
    attacker could use this flaw to crash a PHP application or execute
    arbitrary code with the privileges of the user running that PHP
    application, using gd via a specially crafted GD2 image.
    (CVE-2016-5766)
    
    An integer overflow, leading to a heap-based buffer overflow was found
    in the gdImagePaletteToTrueColor() function of PHP's gd extension. A
    remote attacker could use this flaw to crash a PHP application or
    execute arbitrary code with the privileges of the user running that
    PHP application, using gd via a specially crafted image buffer.
    (CVE-2016-5767)
    
    A double free flaw was found in the mb_ereg_replace_callback()
    function of php which is used to perform regex search. This flaw could
    possibly cause a PHP application to crash. (CVE-2016-5768)
    
    The mcrypt_generic() and mdecrypt_generic() functions are prone to
    integer overflows, resulting in a heap-based overflow. A remote
    attacker could use this flaw to crash a PHP application or execute
    arbitrary code with the privileges of the user running that PHP
    application. (CVE-2016-5769)
    
    A type confusion issue was found in the SPLFileObject fread()
    function. A remote attacker able to submit a specially crafted input
    to a PHP application, which uses this function, could use this flaw to
    execute arbitrary code with the privileges of the user running that
    PHP application. (CVE-2016-5770)
    
    A use-after-free vulnerability that can occur when calling
    unserialize() on untrusted input was discovered. A remote attacker
    could use this flaw to crash a PHP application or execute arbitrary
    code with the privileges of the user running that PHP application if
    the application unserializes untrusted input. (CVE-2016-5771 ,
    CVE-2016-5773)
    
    A double free can occur in wddx_deserialize() when trying to
    deserialize malicious XML input from user's request. This flaw could
    possibly cause a PHP application to crash. (CVE-2016-5772)
    
    It was discovered that PHP did not properly protect against the
    HTTP_PROXY variable name clash. A remote attacker could possibly use
    this flaw to redirect HTTP requests performed by a PHP script to an
    attacker-controlled proxy via a malicious HTTP request.
    (CVE-2016-5385)
    
    (Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but
    was not previously part of this errata)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-728.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update php55' to update your system.
    
    Run 'yum update php56' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/01");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php55-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-bcmath-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-cli-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-common-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-dba-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-debuginfo-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-devel-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-embedded-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-enchant-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-fpm-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-gd-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-gmp-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-imap-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-intl-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-ldap-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mbstring-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mcrypt-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mssql-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mysqlnd-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-odbc-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-opcache-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pdo-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pgsql-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-process-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pspell-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-recode-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-snmp-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-soap-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-tidy-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-xml-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-xmlrpc-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-cli-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-common-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dba-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-devel-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gd-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-imap-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-intl-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-process-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-recode-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-soap-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xml-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.24-1.126.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-703.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-05
    modified2016-06-14
    plugin id91585
    published2016-06-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91585
    titleopenSUSE Security Update : php5 (openSUSE-2016-703)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-703.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91585);
      script_version("2.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-7456", "CVE-2015-4116", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8876", "CVE-2015-8877", "CVE-2015-8879", "CVE-2016-3074", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5114");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2016-703)");
      script_summary(english:"Check for the openSUSE-2016-703 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
      - CVE-2013-7456: imagescale out-of-bounds read
        (bnc#982009).
    
      - CVE-2016-5093: get_icu_value_internal out-of-bounds read
        (bnc#982010).
    
      - CVE-2016-5094: Don't create strings with lengths outside
        int range (bnc#982011).
    
      - CVE-2016-5095: Don't create strings with lengths outside
        int range (bnc#982012).
    
      - CVE-2016-5096: int/size_t confusion in fread
        (bsc#982013).
    
      - CVE-2016-5114: fpm_log.c memory leak and buffer overflow
        (bnc#982162).
    
      - CVE-2015-8877: The gdImageScaleTwoPass function in
        gd_interpolation.c in the GD Graphics Library (aka
        libgd), as used in PHP, used inconsistent allocate and
        free approaches, which allowed remote attackers to cause
        a denial of service (memory consumption) via a crafted
        call, as demonstrated by a call to the PHP imagescale
        function (bsc#981061).
    
      - CVE-2015-8876: Zend/zend_exceptions.c in PHP did not
        validate certain Exception objects, which allowed remote
        attackers to cause a denial of service (NULL pointer
        dereference and application crash) or trigger unintended
        method execution via crafted serialized data
        (bsc#981049).
    
      - CVE-2015-8879: The odbc_bindcols function in
        ext/odbc/php_odbc.c in PHP mishandled driver behavior
        for SQL_WVARCHAR columns, which allowed remote attackers
        to cause a denial of service (application crash) in
        opportunistic circumstances by leveraging use of the
        odbc_fetch_array function to access a certain type of
        Microsoft SQL Server table Aliased: (bsc#981050).
    
      - CVE-2015-4116: Use-after-free vulnerability in the
        spl_ptr_heap_insert function in ext/spl/spl_heap.c in
        PHP allowed remote attackers to execute arbitrary code
        by triggering a failed SplMinHeap::compare operation
        (bsc#980366).
    
      - CVE-2015-8874: Stack consumption vulnerability in GD in
        PHP allowed remote attackers to cause a denial of
        service via a crafted imagefilltoborder call
        (bsc#980375).
    
      - CVE-2015-8873: Stack consumption vulnerability in
        Zend/zend_exceptions.c in PHP allowed remote attackers
        to cause a denial of service (segmentation fault) via
        recursive method calls (bsc#980373).
    
      - CVE-2016-3074: Integer signedness error in GD Graphics
        Library (aka libgd or libgd2) allowed remote attackers
        to cause a denial of service (crash) or potentially
        execute arbitrary code via crafted compressed gd2 data,
        which triggers a heap-based buffer overflow
        (bsc#976775)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=976775"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=980366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=980373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=980375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=981049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=981050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=981061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982162"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debugsource-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-devel-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pear-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-debuginfo-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-5.6.1-66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-debuginfo-5.6.1-66.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1638-1.NASL
    descriptionThis update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93161
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93161
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1638-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93161);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2004-1019", "CVE-2006-7243", "CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3597", "CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-4049", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721", "CVE-2014-5459", "CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2014-9767", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3152", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4116", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-5161", "CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-8835", "CVE-2015-8838", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8879", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5114");
      script_bugtraq_id(44951, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423, 68511, 68513, 69322, 69388, 70611, 70665, 70666, 71791, 71932, 72505, 72539, 72541, 72611, 72701, 73031, 73037, 73306, 73431, 74239, 74240, 74398, 74413, 74700, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292, 75970, 75974);
    
      script_name(english:"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php53 to version 5.3.17 fixes the following issues :
    
    These security issues were fixed :
    
      - CVE-2016-5093: get_icu_value_internal out-of-bounds read
        (bnc#982010).
    
      - CVE-2016-5094: Don't create strings with lengths outside
        int range (bnc#982011).
    
      - CVE-2016-5095: Don't create strings with lengths outside
        int range (bnc#982012).
    
      - CVE-2016-5096: int/size_t confusion in fread
        (bsc#982013).
    
      - CVE-2016-5114: fpm_log.c memory leak and buffer overflow
        (bnc#982162).
    
      - CVE-2015-8879: The odbc_bindcols function in
        ext/odbc/php_odbc.c in PHP mishandles driver behavior
        for SQL_WVARCHAR columns, which allowed remote attackers
        to cause a denial of service (application crash) in
        opportunistic circumstances by leveraging use of the
        odbc_fetch_array function to access a certain type of
        Microsoft SQL Server table (bsc#981050).
    
      - CVE-2015-4116: Use-after-free vulnerability in the
        spl_ptr_heap_insert function in ext/spl/spl_heap.c in
        PHP allowed remote attackers to execute arbitrary code
        by triggering a failed SplMinHeap::compare operation
        (bsc#980366).
    
      - CVE-2015-8874: Stack consumption vulnerability in GD in
        PHP allowed remote attackers to cause a denial of
        service via a crafted imagefilltoborder call
        (bsc#980375).
    
      - CVE-2015-8873: Stack consumption vulnerability in
        Zend/zend_exceptions.c in PHP allowed remote attackers
        to cause a denial of service (segmentation fault) via
        recursive method calls (bsc#980373).
    
      - CVE-2016-4540: The grapheme_stripos function in
        ext/intl/grapheme/grapheme_string.c in PHP allowed
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset (bsc#978829).
    
      - CVE-2016-4541: The grapheme_strpos function in
        ext/intl/grapheme/grapheme_string.c in PHP allowed
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset (bsc#978829.
    
      - CVE-2016-4542: The exif_process_IFD_TAG function in
        ext/exif/exif.c in PHP did not properly construct
        spprintf arguments, which allowed remote attackers to
        cause a denial of service (out-of-bounds read) or
        possibly have unspecified other impact via crafted
        header data (bsc#978830).
    
      - CVE-2016-4543: The exif_process_IFD_in_JPEG function in
        ext/exif/exif.c in PHP did not validate IFD sizes, which
        allowed remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via crafted header data (bsc#978830.
    
      - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in
        ext/exif/exif.c in PHP did not validate TIFF start data,
        which allowed remote attackers to cause a denial of
        service (out-of-bounds read) or possibly have
        unspecified other impact via crafted header data
        (bsc#978830.
    
      - CVE-2016-4537: The bcpowmod function in
        ext/bcmath/bcmath.c in PHP accepted a negative integer
        for the scale argument, which allowed remote attackers
        to cause a denial of service or possibly have
        unspecified other impact via a crafted call
        (bsc#978827).
    
      - CVE-2016-4538: The bcpowmod function in
        ext/bcmath/bcmath.c in PHP modified certain data
        structures without considering whether they are copies
        of the _zero_, _one_, or _two_ global variable, which
        allowed remote attackers to cause a denial of service or
        possibly have unspecified other impact via a crafted
        call (bsc#978827).
    
      - CVE-2016-4539: The xml_parse_into_struct function in
        ext/xml/xml.c in PHP allowed remote attackers to cause a
        denial of service (buffer under-read and segmentation
        fault) or possibly have unspecified other impact via
        crafted XML data in the second argument, leading to a
        parser level of zero (bsc#978828).
    
      - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles
        zero-length uncompressed data, which allowed remote
        attackers to cause a denial of service (heap memory
        corruption) or possibly have unspecified other impact
        via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive
        (bsc#977991).
    
      - CVE-2016-4346: Integer overflow in the str_pad function
        in ext/standard/string.c in PHP allowed remote attackers
        to cause a denial of service or possibly have
        unspecified other impact via a long string, leading to a
        heap-based buffer overflow (bsc#977994).
    
      - CVE-2016-4073: Multiple integer overflows in the
        mbfl_strcut function in
        ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed
        remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted mb_strcut call (bsc#977003).
    
      - CVE-2015-8867: The openssl_random_pseudo_bytes function
        in ext/openssl/openssl.c in PHP incorrectly relied on
        the deprecated RAND_pseudo_bytes function, which made it
        easier for remote attackers to defeat cryptographic
        protection mechanisms via unspecified vectors
        (bsc#977005).
    
      - CVE-2016-4070: Integer overflow in the
        php_raw_url_encode function in ext/standard/url.c in PHP
        allowed remote attackers to cause a denial of service
        (application crash) via a long string to the
        rawurlencode function (bsc#976997).
    
      - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM
        is used, did not isolate each thread from
        libxml_disable_entity_loader changes in other threads,
        which allowed remote attackers to conduct XML External
        Entity (XXE) and XML Entity Expansion (XEE) attacks via
        a crafted XML document, a related issue to CVE-2015-5161
        (bsc#976996).
    
      - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a
        client SSL option to mean that SSL is optional, which
        allowed man-in-the-middle attackers to spoof servers via
        a cleartext-downgrade attack, a related issue to
        CVE-2015-3152 (bsc#973792).
    
      - CVE-2015-8835: The make_http_soap_request function in
        ext/soap/php_http.c in PHP did not properly retrieve
        keys, which allowed remote attackers to cause a denial
        of service (NULL pointer dereference, type confusion,
        and application crash) or possibly execute arbitrary
        code via crafted serialized data representing a
        numerically indexed _cookies array, related to the
        SoapClient::__call method in ext/soap/soap.c
        (bsc#973351).
    
      - CVE-2016-3141: Use-after-free vulnerability in wddx.c in
        the WDDX extension in PHP allowed remote attackers to
        cause a denial of service (memory corruption and
        application crash) or possibly have unspecified other
        impact by triggering a wddx_deserialize call on XML data
        containing a crafted var element (bsc#969821).
    
      - CVE-2016-3142: The phar_parse_zipfile function in zip.c
        in the PHAR extension in PHP allowed remote attackers to
        obtain sensitive information from process memory or
        cause a denial of service (out-of-bounds read and
        application crash) by placing a PK\x05\x06 signature at
        an invalid location (bsc#971912).
    
      - CVE-2014-9767: Directory traversal vulnerability in the
        ZipArchive::extractTo function in ext/zip/php_zip.c in
        PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers
        to create arbitrary empty directories via a crafted ZIP
        archive (bsc#971612).
    
      - CVE-2016-3185: The make_http_soap_request function in
        ext/soap/php_http.c in PHP allowed remote attackers to
        obtain sensitive information from process memory or
        cause a denial of service (type confusion and
        application crash) via crafted serialized _cookies data,
        related to the SoapClient::__call method in
        ext/soap/soap.c (bsc#971611).
    
      - CVE-2016-2554: Stack-based buffer overflow in
        ext/phar/tar.c in PHP allowed remote attackers to cause
        a denial of service (application crash) or possibly have
        unspecified other impact via a crafted TAR archive
        (bsc#968284).
    
      - CVE-2015-7803: The phar_get_entry_data function in
        ext/phar/util.c in PHP allowed remote attackers to cause
        a denial of service (NULL pointer dereference and
        application crash) via a .phar file with a crafted TAR
        archive entry in which the Link indicator references a
        file that did not exist (bsc#949961).
    
      - CVE-2015-6831: Multiple use-after-free vulnerabilities
        in SPL in PHP allowed remote attackers to execute
        arbitrary code via vectors involving (1) ArrayObject,
        (2) SplObjectStorage, and (3) SplDoublyLinkedList, which
        are mishandled during unserialization (bsc#942291).
    
      - CVE-2015-6833: Directory traversal vulnerability in the
        PharData class in PHP allowed remote attackers to write
        to arbitrary files via a .. (dot dot) in a ZIP archive
        entry that is mishandled during an extractTo call
        (bsc#942296.
    
      - CVE-2015-6836: The SoapClient __call method in
        ext/soap/soap.c in PHP did not properly manage headers,
        which allowed remote attackers to execute arbitrary code
        via crafted serialized data that triggers a 'type
        confusion' in the serialize_function_call function
        (bsc#945428).
    
      - CVE-2015-6837: The xsl_ext_function_php function in
        ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did
        not consider the possibility of a NULL valuePop return
        value proceeding with a free operation during initial
        error checking, which allowed remote attackers to cause
        a denial of service (NULL pointer dereference and
        application crash) via a crafted XML document, a
        different vulnerability than CVE-2015-6838 (bsc#945412).
    
      - CVE-2015-6838: The xsl_ext_function_php function in
        ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did
        not consider the possibility of a NULL valuePop return
        value proceeding with a free operation after the
        principal argument loop, which allowed remote attackers
        to cause a denial of service (NULL pointer dereference
        and application crash) via a crafted XML document, a
        different vulnerability than CVE-2015-6837 (bsc#945412).
    
      - CVE-2015-5590: Stack-based buffer overflow in the
        phar_fix_filepath function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service or
        possibly have unspecified other impact via a large
        length value, as demonstrated by mishandling of an
        e-mail attachment by the imap PHP extension
        (bsc#938719).
    
      - CVE-2015-5589: The phar_convert_to_other function in
        ext/phar/phar_object.c in PHP did not validate a file
        pointer a close operation, which allowed remote
        attackers to cause a denial of service (segmentation
        fault) or possibly have unspecified other impact via a
        crafted TAR archive that is mishandled in a
        Phar::convertToData call (bsc#938721).
    
      - CVE-2015-4602: The __PHP_Incomplete_Class function in
        ext/standard/incomplete_class.c in PHP allowed remote
        attackers to cause a denial of service (application
        crash) or possibly execute arbitrary code via an
        unexpected data type, related to a 'type confusion'
        issue (bsc#935224).
    
      - CVE-2015-4599: The SoapFault::__toString method in
        ext/soap/soap.c in PHP allowed remote attackers to
        obtain sensitive information, cause a denial of service
        (application crash), or possibly execute arbitrary code
        via an unexpected data type, related to a 'type
        confusion' issue (bsc#935226).
    
      - CVE-2015-4600: The SoapClient implementation in PHP
        allowed remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via an unexpected data type, related to 'type confusion'
        issues in the (1) SoapClient::__getLastRequest, (2)
        SoapClient::__getLastResponse, (3)
        SoapClient::__getLastRequestHeaders, (4)
        SoapClient::__getLastResponseHeaders, (5)
        SoapClient::__getCookies, and (6)
        SoapClient::__setCookie methods (bsc#935226).
    
      - CVE-2015-4601: PHP allowed remote attackers to cause a
        denial of service (application crash) or possibly
        execute arbitrary code via an unexpected data type,
        related to 'type confusion' issues in (1)
        ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and
        (3) ext/soap/soap.c, a different issue than
        CVE-2015-4600 (bsc#935226.
    
      - CVE-2015-4603: The exception::getTraceAsString function
        in Zend/zend_exceptions.c in PHP allowed remote
        attackers to execute arbitrary code via an unexpected
        data type, related to a 'type confusion' issue
        (bsc#935234).
    
      - CVE-2015-4644: The php_pgsql_meta_data function in
        pgsql.c in the PostgreSQL (aka pgsql) extension in PHP
        did not validate token extraction for table names, which
        might allowed remote attackers to cause a denial of
        service (NULL pointer dereference and application crash)
        via a crafted name. NOTE: this vulnerability exists
        because of an incomplete fix for CVE-2015-1352
        (bsc#935274).
    
      - CVE-2015-4643: Integer overflow in the ftp_genlist
        function in ext/ftp/ftp.c in PHP allowed remote FTP
        servers to execute arbitrary code via a long reply to a
        LIST command, leading to a heap-based buffer overflow.
        NOTE: this vulnerability exists because of an incomplete
        fix for CVE-2015-4022 (bsc#935275).
    
      - CVE-2015-3411: PHP did not ensure that pathnames lack
        %00 sequences, which might have allowed remote attackers
        to read or write to arbitrary files via crafted input to
        an application that calls (1) a DOMDocument load method,
        (2) the xmlwriter_open_uri function, (3) the finfo_file
        function, or (4) the hash_hmac_file function, as
        demonstrated by a filename\0.xml attack that bypasses an
        intended configuration in which client users may read
        only .xml files (bsc#935227).
    
      - CVE-2015-3412: PHP did not ensure that pathnames lack
        %00 sequences, which might have allowed remote attackers
        to read arbitrary files via crafted input to an
        application that calls the stream_resolve_include_path
        function in ext/standard/streamsfuncs.c, as demonstrated
        by a filename\0.extension attack that bypasses an
        intended configuration in which client users may read
        files with only one specific extension (bsc#935229).
    
      - CVE-2015-4598: PHP did not ensure that pathnames lack
        %00 sequences, which might have allowed remote attackers
        to read or write to arbitrary files via crafted input to
        an application that calls (1) a DOMDocument save method
        or (2) the GD imagepsloadfont function, as demonstrated
        by a filename\0.html attack that bypasses an intended
        configuration in which client users may write to only
        .html files (bsc#935232).
    
      - CVE-2015-4148: The do_soap_call function in
        ext/soap/soap.c in PHP did not verify that the uri
        property is a string, which allowed remote attackers to
        obtain sensitive information by providing crafted
        serialized data with an int data type, related to a
        'type confusion' issue (bsc#933227).
    
      - CVE-2015-4024: Algorithmic complexity vulnerability in
        the multipart_buffer_headers function in main/rfc1867.c
        in PHP allowed remote attackers to cause a denial of
        service (CPU consumption) via crafted form data that
        triggers an improper order-of-growth outcome
        (bsc#931421).
    
      - CVE-2015-4026: The pcntl_exec implementation in PHP
        truncates a pathname upon encountering a \x00 character,
        which might allowed remote attackers to bypass intended
        extension restrictions and execute files with unexpected
        names via a crafted first argument. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2006-7243 (bsc#931776).
    
      - CVE-2015-4022: Integer overflow in the ftp_genlist
        function in ext/ftp/ftp.c in PHP allowed remote FTP
        servers to execute arbitrary code via a long reply to a
        LIST command, leading to a heap-based buffer overflow
        (bsc#931772).
    
      - CVE-2015-4021: The phar_parse_tarfile function in
        ext/phar/tar.c in PHP did not verify that the first
        character of a filename is different from the \0
        character, which allowed remote attackers to cause a
        denial of service (integer underflow and memory
        corruption) via a crafted entry in a tar archive
        (bsc#931769).
    
      - CVE-2015-3329: Multiple stack-based buffer overflows in
        the phar_set_inode function in phar_internal.h in PHP
        allowed remote attackers to execute arbitrary code via a
        crafted length value in a (1) tar, (2) phar, or (3) ZIP
        archive (bsc#928506).
    
      - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote
        attackers to obtain sensitive information from process
        memory or cause a denial of service (buffer over-read
        and application crash) via a crafted length value in
        conjunction with crafted serialized data in a phar
        archive, related to the phar_parse_metadata and
        phar_parse_pharfile functions (bsc#928511).
    
      - CVE-2015-2787: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages use of the unset
        function within an __wakeup function, a related issue to
        CVE-2015-0231 (bsc#924972).
    
      - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in
        GD 2.1.1 and earlier, as used in PHP allowed remote
        attackers to cause a denial of service (buffer over-read
        and application crash) via a crafted GIF image that is
        improperly handled by the gdImageCreateFromGif function
        (bsc#923945).
    
      - CVE-2015-2301: Use-after-free vulnerability in the
        phar_rename_archive function in phar_object.c in PHP
        allowed remote attackers to cause a denial of service or
        possibly have unspecified other impact via vectors that
        trigger an attempted renaming of a Phar archive to the
        name of an existing file (bsc#922452).
    
      - CVE-2015-2305: Integer overflow in the regcomp
        implementation in the Henry Spencer BSD regex library
        (aka rxspencer) 32-bit platforms might have allowed
        context-dependent attackers to execute arbitrary code
        via a large regular expression that leads to a
        heap-based buffer overflow (bsc#921950).
    
      - CVE-2014-9705: Heap-based buffer overflow in the
        enchant_broker_request_dict function in
        ext/enchant/enchant.c in PHP allowed remote attackers to
        execute arbitrary code via vectors that trigger creation
        of multiple dictionaries (bsc#922451).
    
      - CVE-2015-0273: Multiple use-after-free vulnerabilities
        in ext/date/php_date.c in PHP allowed remote attackers
        to execute arbitrary code via crafted serialized input
        containing a (1) R or (2) r type specifier in (a)
        DateTimeZone data handled by the
        php_date_timezone_initialize_from_hash function or (b)
        DateTime data handled by the
        php_date_initialize_from_hash function (bsc#918768).
    
      - CVE-2014-9652: The mconvert function in softmagic.c in
        file as used in the Fileinfo component in PHP did not
        properly handle a certain string-length field during a
        copy of a truncated version of a Pascal string, which
        might allowed remote attackers to cause a denial of
        service (out-of-bounds memory access and application
        crash) via a crafted file (bsc#917150).
    
      - CVE-2014-8142: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages improper handling of
        duplicate keys within the serialized properties of an
        object, a different vulnerability than CVE-2004-1019
        (bsc#910659).
    
      - CVE-2015-0231: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages improper handling of
        duplicate numerical keys within the serialized
        properties of an object. NOTE: this vulnerability exists
        because of an incomplete fix for CVE-2014-8142
        (bsc#910659).
    
      - CVE-2014-8142: Use-after-free vulnerability in the
        process_nested_data function in
        ext/standard/var_unserializer.re in PHP allowed remote
        attackers to execute arbitrary code via a crafted
        unserialize call that leverages improper handling of
        duplicate keys within the serialized properties of an
        object, a different vulnerability than CVE-2004-1019
        (bsc#910659).
    
      - CVE-2015-0232: The exif_process_unicode function in
        ext/exif/exif.c in PHP allowed remote attackers to
        execute arbitrary code or cause a denial of service
        (uninitialized pointer free and application crash) via
        crafted EXIF data in a JPEG image (bsc#914690).
    
      - CVE-2014-3670: The exif_ifd_make_value function in
        exif.c in the EXIF extension in PHP operates on
        floating-point arrays incorrectly, which allowed remote
        attackers to cause a denial of service (heap memory
        corruption and application crash) or possibly execute
        arbitrary code via a crafted JPEG image with TIFF
        thumbnail data that is improperly handled by the
        exif_thumbnail function (bsc#902357).
    
      - CVE-2014-3669: Integer overflow in the object_custom
        function in ext/standard/var_unserializer.c in PHP
        allowed remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via an argument to the unserialize function that
        triggers calculation of a large length value
        (bsc#902360).
    
      - CVE-2014-3668: Buffer overflow in the date_from_ISO8601
        function in the mkgmtime implementation in
        libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP
        allowed remote attackers to cause a denial of service
        (application crash) via (1) a crafted first argument to
        the xmlrpc_set_type function or (2) a crafted argument
        to the xmlrpc_decode function, related to an
        out-of-bounds read operation (bsc#902368).
    
      - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR
        in PHP allowed local users to write to arbitrary files
        via a symlink attack on a (1) rest.cachefile or (2)
        rest.cacheid file in /tmp/pear/cache/, related to the
        retrieveCacheFirst and useLocalCache functions
        (bsc#893849).
    
      - CVE-2014-3597: Multiple buffer overflows in the
        php_parserr function in ext/standard/dns.c in PHP
        allowed remote DNS servers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted DNS record, related to the dns_get_record
        function and the dn_expand function. NOTE: this issue
        exists because of an incomplete fix for CVE-2014-4049
        (bsc#893853).
    
      - CVE-2014-4670: Use-after-free vulnerability in
        ext/spl/spl_dllist.c in the SPL component in PHP allowed
        context-dependent attackers to cause a denial of service
        or possibly have unspecified other impact via crafted
        iterator usage within applications in certain
        web-hosting environments (bsc#886059).
    
      - CVE-2014-4698: Use-after-free vulnerability in
        ext/spl/spl_array.c in the SPL component in PHP allowed
        context-dependent attackers to cause a denial of service
        or possibly have unspecified other impact via crafted
        ArrayIterator usage within applications in certain
        web-hosting environments (bsc#886060).
    
      - CVE-2014-4721: The phpinfo implementation in
        ext/standard/info.c in PHP did not ensure use of the
        string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE,
        PHP_AUTH_USER, and PHP_SELF variables, which might
        allowed context-dependent attackers to obtain sensitive
        information from process memory by using the integer
        data type with crafted values, related to a 'type
        confusion' vulnerability, as demonstrated by reading a
        private SSL key in an Apache HTTP Server web-hosting
        environment with mod_ssl and a PHP 5.3.x mod_php
        (bsc#885961).
    
      - CVE-2014-0207: The cdf_read_short_sector function in
        cdf.c in file as used in the Fileinfo component in PHP
        allowed remote attackers to cause a denial of service
        (assertion failure and application exit) via a crafted
        CDF file (bsc#884986).
    
      - CVE-2014-3478: Buffer overflow in the mconvert function
        in softmagic.c in file as used in the Fileinfo component
        in PHP allowed remote attackers to cause a denial of
        service (application crash) via a crafted Pascal string
        in a FILE_PSTRING conversion (bsc#884987).
    
      - CVE-2014-3479: The cdf_check_stream_offset function in
        cdf.c in file as used in the Fileinfo component in PHP
        relies on incorrect sector-size data, which allowed
        remote attackers to cause a denial of service
        (application crash) via a crafted stream offset in a CDF
        file (bsc#884989).
    
      - CVE-2014-3480: The cdf_count_chain function in cdf.c in
        file as used in the Fileinfo component in PHP did not
        properly validate sector-count data, which allowed
        remote attackers to cause a denial of service
        (application crash) via a crafted CDF file (bsc#884990).
    
      - CVE-2014-3487: The cdf_read_property_info function in
        file as used in the Fileinfo component in PHP did not
        properly validate a stream offset, which allowed remote
        attackers to cause a denial of service (application
        crash) via a crafted CDF file (bsc#884991).
    
      - CVE-2014-3515: The SPL component in PHP incorrectly
        anticipates that certain data structures will have the
        array data type after unserialization, which allowed
        remote attackers to execute arbitrary code via a crafted
        string that triggers use of a Hashtable destructor,
        related to 'type confusion' issues in (1) ArrayObject
        and (2) SPLObjectStorage (bsc#884992).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884986"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=884992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=885961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=886059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=886060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=893849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=893853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=910659"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=914690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=917150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=918768"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=921950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=923945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=925109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931421"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931769"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931772"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935224"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935229"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=938719"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=938721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=949961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=968284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971611"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=976996"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=976997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=981050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2004-1019/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2006-7243/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3478/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3479/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3480/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3515/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3597/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3668/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3669/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3670/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4049/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4670/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4698/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4721/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-5459/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-8142/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9652/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9705/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9709/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9767/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0231/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0232/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0273/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1352/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2301/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2305/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2783/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2787/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3152/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3329/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3411/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3412/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4021/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4022/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4024/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4026/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4116/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4148/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4598/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4599/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4600/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4601/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4602/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4603/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4643/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4644/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5161/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5589/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5590/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6831/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6833/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6837/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6838/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7803/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8838/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8866/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8867/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8873/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8874/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8879/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3141/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3142/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3185/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4070/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4073/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4342/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4346/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4538/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4539/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4540/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4541/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4543/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4544/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5093/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5094/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5095/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5096/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5114/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161638-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc947fb9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP2-LTSS :
    
    zypper in -t patch slessp2-php53-12621=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"2", reference:"apache2-mod_php53-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-bcmath-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-bz2-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-calendar-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ctype-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-curl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-dba-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-dom-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-exif-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-fastcgi-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-fileinfo-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ftp-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gd-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gettext-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-gmp-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-iconv-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-intl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-json-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-ldap-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mbstring-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mcrypt-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-mysql-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-odbc-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-openssl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pcntl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pdo-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pear-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pgsql-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-pspell-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-shmop-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-snmp-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-soap-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-suhosin-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvmsg-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvsem-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-sysvshm-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-tokenizer-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-wddx-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlreader-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlrpc-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xmlwriter-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-xsl-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-zip-5.3.17-47.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"php53-zlib-5.3.17-47.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1504-1.NASL
    descriptionThis update for php5 fixes the following issues : Security issues fixed : - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119978
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119978
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1504-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119978);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2015-4116", "CVE-2015-8873", "CVE-2015-8874", "CVE-2016-4342", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544");
    
      script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2016-4346: heap overflow in ext/standard/string.c
        (bsc#977994)
    
      - CVE-2016-4342: heap corruption in tar/zip/phar parser
        (bsc#977991)
    
      - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative
        scale causing heap buffer overflow corrupting _one_
        definition (bsc#978827)
    
      - CVE-2016-4539: Malformed input causes segmentation fault
        in xml_parse_into_struct() function (bsc#978828)
    
      - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read
        in zif_grapheme_stripos when given negative offset
        (bsc#978829)
    
      - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544:
        Out-of-bounds heap memory read in exif_read_data()
        caused by malformed input (bsc#978830)
    
      - CVE-2015-4116: Use-after-free vulnerability in the
        spl_ptr_heap_insert function (bsc#980366)
    
      - CVE-2015-8873: Stack consumption vulnerability in
        Zend/zend_exceptions.c (bsc#980373)
    
      - CVE-2015-8874: Stack consumption vulnerability in GD
        (bsc#980375)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4116/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8873/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8874/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4342/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4346/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4538/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4539/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4540/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4541/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4543/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4544/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?380a5b59"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-895=1
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2016-895=1
    
    SUSE Linux Enterprise Module for Web Scripting 12 :
    
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-895=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4342");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-59.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-59.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-D126BB1B74.NASL
    description - fix for stack overflow with gdImageFillToBorder (CVE-2015-8874) - fix integer Overflow in _gd2GetHeader() (CVE-2016-5766) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-19
    plugin id92392
    published2016-07-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92392
    titleFedora 23 : gd (2016-d126bb1b74)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-d126bb1b74.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92392);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-8874", "CVE-2016-5766");
      script_xref(name:"FEDORA", value:"2016-d126bb1b74");
    
      script_name(english:"Fedora 23 : gd (2016-d126bb1b74)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - fix for stack overflow with gdImageFillToBorder
        (CVE-2015-8874)
    
      - fix integer Overflow in _gd2GetHeader() (CVE-2016-5766)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gd package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"gd-2.1.1-8.fc23")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gd");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2649.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
    last seen2020-05-08
    modified2019-12-18
    plugin id132184
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132184
    titleEulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132184);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2011-4718",
        "CVE-2014-9767",
        "CVE-2014-9912",
        "CVE-2015-4116",
        "CVE-2015-5589",
        "CVE-2015-6831",
        "CVE-2015-6832",
        "CVE-2015-6833",
        "CVE-2015-7803",
        "CVE-2015-7804",
        "CVE-2015-8835",
        "CVE-2015-8866",
        "CVE-2015-8874",
        "CVE-2015-8879",
        "CVE-2015-8935",
        "CVE-2016-10158",
        "CVE-2016-10159",
        "CVE-2016-10161",
        "CVE-2016-10397",
        "CVE-2016-2554",
        "CVE-2016-3141",
        "CVE-2016-3142",
        "CVE-2016-3185",
        "CVE-2016-4070",
        "CVE-2016-4539",
        "CVE-2016-4540",
        "CVE-2016-4541",
        "CVE-2016-4542",
        "CVE-2016-4543",
        "CVE-2016-5093",
        "CVE-2016-5094",
        "CVE-2016-6288",
        "CVE-2016-6291",
        "CVE-2016-6292",
        "CVE-2016-6294",
        "CVE-2016-7124",
        "CVE-2016-7125",
        "CVE-2016-7128",
        "CVE-2016-7411",
        "CVE-2016-7412",
        "CVE-2016-7414",
        "CVE-2016-7418",
        "CVE-2016-7480",
        "CVE-2016-9934",
        "CVE-2016-9935",
        "CVE-2017-11143",
        "CVE-2017-11144",
        "CVE-2017-11147",
        "CVE-2017-11628",
        "CVE-2017-12933",
        "CVE-2017-16642",
        "CVE-2017-7272",
        "CVE-2017-9224",
        "CVE-2017-9226",
        "CVE-2017-9227",
        "CVE-2017-9228",
        "CVE-2017-9229",
        "CVE-2018-10545",
        "CVE-2018-10547",
        "CVE-2018-14851",
        "CVE-2018-17082",
        "CVE-2018-5711",
        "CVE-2018-5712",
        "CVE-2019-11043"
      );
      script_bugtraq_id(
        61929,
        75974
      );
    
      script_name(english:"EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - ** DISPUTED ** Integer overflow in the
        php_raw_url_encode function in ext/standard/url.c in
        PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before
        7.0.5 allows remote attackers to cause a denial of
        service (application crash) via a long string to the
        rawurlencode function. NOTE: the vendor says 'Not sure
        if this qualifies as security issue (probably
        not).'(CVE-2016-4070)
    
      - An issue was discovered in ext/phar/phar_object.c in
        PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before
        7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS
        on the PHAR 403 and 404 error pages via request data of
        a request for a .phar file. NOTE: this vulnerability
        exists because of an incomplete fix for
        CVE-2018-5712.(CVE-2018-10547)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A heap out-of-bounds write occurs in
        bitset_set_range() during regular expression
        compilation due to an uninitialized variable from an
        incorrect state transition. An incorrect state
        transition in parse_char_class() could create an
        execution path that leaves a critical local variable
        uninitialized until it's used as an index, resulting in
        an out-of-bounds write memory
        corruption.(CVE-2017-9228)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A heap out-of-bounds write or read
        occurs in next_state_val() during regular expression
        compilation. Octal numbers larger than 0xff are not
        handled correctly in fetch_token() and
        fetch_token_in_cc(). A malformed regular expression
        containing an octal number in the form of '\700' would
        produce an invalid code point value larger than 0xff in
        next_state_val(), resulting in an out-of-bounds write
        memory corruption.(CVE-2017-9226)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A SIGSEGV occurs in
        left_adjust_char_head() during regular expression
        compilation. Invalid handling of reg->dmax in
        forward_search_range() could result in an invalid
        pointer dereference, normally as an immediate
        denial-of-service condition.(CVE-2017-9229)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A stack out-of-bounds read occurs in
        match_at() during regular expression searching. A
        logical error involving order of validation and access
        in match_at() could result in an out-of-bounds read
        from a stack buffer.(CVE-2017-9224)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A stack out-of-bounds read occurs in
        mbc_enc_len() during regular expression searching.
        Invalid handling of reg->dmin in forward_search_range()
        could result in an invalid pointer dereference, as an
        out-of-bounds read from a stack buffer.(CVE-2017-9227)
    
      - An issue was discovered in PHP before 5.6.33, 7.0.x
        before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before
        7.2.1. There is Reflected XSS on the PHAR 404 error
        page via the URI of a request for a .phar
        file.(CVE-2018-5712)
    
      - An issue was discovered in PHP before 5.6.35, 7.0.x
        before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before
        7.2.4. Dumpable FPM child processes allow bypassing
        opcache access controls because fpm_unix.c makes a
        PR_SET_DUMPABLE prctl call, allowing one user (in a
        multiuser environment) to obtain sensitive information
        from the process memory of a second user's PHP
        applications by running gcore on the PID of the PHP-FPM
        worker process.(CVE-2018-10545)
    
      - Directory traversal vulnerability in the PharData class
        in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x
        before 5.6.12 allows remote attackers to write to
        arbitrary files via a .. (dot dot) in a ZIP archive
        entry that is mishandled during an extractTo
        call.(CVE-2015-6833)
    
      - Directory traversal vulnerability in the
        ZipArchive::extractTo function in ext/zip/php_zip.c in
        PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x
        before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before
        3.12.1 allows remote attackers to create arbitrary
        empty directories via a crafted ZIP
        archive.(CVE-2014-9767)
    
      - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP
        before 5.6.37, 7.0.x before 7.0.31, 7.1.x before
        7.1.20, and 7.2.x before 7.2.8 allows remote attackers
        to cause a denial of service (out-of-bounds read and
        application crash) via a crafted JPEG
        file.(CVE-2018-14851)
    
      - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x
        before 5.6.6, when PHP-FPM is used, does not isolate
        each thread from libxml_disable_entity_loader changes
        in other threads, which allows remote attackers to
        conduct XML External Entity (XXE) and XML Entity
        Expansion (XEE) attacks via a crafted XML document, a
        related issue to CVE-2015-5161.(CVE-2015-8866)
    
      - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26
        and 7.x before 7.0.11 does not verify that a BIT field
        has the UNSIGNED_FLAG flag, which allows remote MySQL
        servers to cause a denial of service (heap-based buffer
        overflow) or possibly have unspecified other impact via
        crafted field metadata.(CVE-2016-7412)
    
      - ext/session/session.c in PHP before 5.6.25 and 7.x
        before 7.0.10 skips invalid session names in a way that
        triggers incorrect parsing, which allows remote
        attackers to inject arbitrary-type session data by
        leveraging control of a session name, as demonstrated
        by object injection.(CVE-2016-7125)
    
      - ext/standard/var_unserializer.c in PHP before 5.6.25
        and 7.x before 7.0.10 mishandles certain invalid
        objects, which allows remote attackers to cause a
        denial of service or possibly have unspecified other
        impact via crafted serialized data that leads to a (1)
        __destruct call or (2) magic method
        call.(CVE-2016-7124)
    
      - ext/standard/var_unserializer.re in PHP before 5.6.26
        mishandles object-deserialization failures, which
        allows remote attackers to cause a denial of service
        (memory corruption) or possibly have unspecified other
        impact via an unserialize call that references a
        partially constructed object.(CVE-2016-7411)
    
      - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before
        7.0.13 allows remote attackers to cause a denial of
        service (NULL pointer dereference) via crafted
        serialized data in a wddxPacket XML document, as
        demonstrated by a PDORow string.(CVE-2016-9934)
    
      - gd_gif_in.c in the GD Graphics Library (aka libgd), as
        used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x
        before 7.1.13, and 7.2.x before 7.2.1, has an integer
        signedness error that leads to an infinite loop via a
        crafted GIF file, as demonstrated by a call to the
        imagecreatefromgif or imagecreatefromstring PHP
        function. This is related to GetCode_ and
        gdImageCreateFromGifCtx.(CVE-2018-5711)
    
      - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect
        handling of various URI components in the URL parser
        could be used by attackers to bypass hostname-specific
        URL checks, as demonstrated by
        evil.example.com:80#@good.example.com/ and
        evil.example.com:[email protected]/ inputs to the
        parse_url function (implemented in the php_url_parse_ex
        function in ext/standard/url.c).(CVE-2016-10397)
    
      - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR
        archive handler could be used by attackers supplying
        malicious archive files to crash the PHP interpreter or
        potentially disclose information due to a buffer
        over-read in the phar_parse_pharfile function in
        ext/phar/phar.c.(CVE-2017-11147)
    
      - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x
        before 7.1.7, a stack-based buffer overflow in the
        zend_ini_do_op() function in Zend/zend_ini_parser.c
        could cause a denial of service or potentially allow
        executing code. NOTE: this is only relevant for PHP
        applications that accept untrusted input (instead of
        the system's php.ini file) for the parse_ini_string or
        parse_ini_file function, e.g., a web application for
        syntax validation of php.ini
        directives.(CVE-2017-11628)
    
      - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x
        before 7.1.7, the openssl extension PEM sealing code
        did not check the return value of the OpenSSL sealing
        function, which could lead to a crash of the PHP
        interpreter, related to an interpretation conflict for
        a negative number in ext/openssl/openssl.c, and an
        OpenSSL documentation omission.(CVE-2017-11144)
    
      - In PHP before 5.6.31, an invalid free in the WDDX
        deserialization of boolean parameters could be used by
        attackers able to inject XML for deserialization to
        crash the PHP interpreter, related to an invalid free
        for an empty boolean element in
        ext/wddx/wddx.c.(CVE-2017-11143)
    
      - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x
        before 7.1.11, an error in the date extension's
        timelib_meridian handling of 'front of' and 'back of'
        directives could be used by attackers able to supply
        date strings to leak information from the interpreter,
        related to ext/date/lib/parse_date.c out-of-bounds
        reads affecting the php_parse_date function. NOTE: this
        is a different issue than
        CVE-2017-11145.(CVE-2017-16642)
    
      - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24
        and 7.3.x below 7.3.11 in certain configurations of FPM
        setup it is possible to cause FPM module to write past
        allocated buffers into the space reserved for FCGI
        protocol data, thus opening the possibility of remote
        code execution.(CVE-2019-11043)
    
      - Integer overflow in the phar_parse_pharfile function in
        ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before
        7.0.15 allows remote attackers to cause a denial of
        service (memory consumption or application crash) via a
        truncated manifest entry in a PHAR
        archive.(CVE-2016-10159)
    
      - Integer overflow in the php_html_entities function in
        ext/standard/html.c in PHP before 5.5.36 and 5.6.x
        before 5.6.22 allows remote attackers to cause a denial
        of service or possibly have unspecified other impact by
        triggering a large output string from the
        htmlspecialchars function.(CVE-2016-5094)
    
      - Multiple use-after-free vulnerabilities in SPL in PHP
        before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before
        5.6.12 allow remote attackers to execute arbitrary code
        via vectors involving (1) ArrayObject, (2)
        SplObjectStorage, and (3) SplDoublyLinkedList, which
        are mishandled during unserialization.(CVE-2015-6831)
    
      - Off-by-one error in the phar_parse_zipfile function in
        ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before
        5.6.14 allows remote attackers to cause a denial of
        service (uninitialized pointer dereference and
        application crash) by including the / filename in a
        .zip PHAR archive.(CVE-2015-7804)
    
      - PHP through 7.1.11 enables potential SSRF in
        applications that accept an fsockopen or pfsockopen
        hostname argument with an expectation that the port
        number is constrained. Because a :port syntax is
        recognized, fsockopen will use the port number that is
        specified in the hostname argument, instead of the port
        number in the second argument of the
        function.(CVE-2017-7272)
    
      - Session fixation vulnerability in the Sessions
        subsystem in PHP before 5.5.2 allows remote attackers
        to hijack web sessions by specifying a session
        ID.(CVE-2011-4718)
    
      - Stack consumption vulnerability in GD in PHP before
        5.6.12 allows remote attackers to cause a denial of
        service via a crafted imagefilltoborder
        call.(CVE-2015-8874)
    
      - Stack-based buffer overflow in ext/phar/tar.c in PHP
        before 5.5.32, 5.6.x before 5.6.18, and 7.x before
        7.0.3 allows remote attackers to cause a denial of
        service (application crash) or possibly have
        unspecified other impact via a crafted TAR
        archive.(CVE-2016-2554)
    
      - The Apache2 component in PHP before 5.6.38, 7.0.x
        before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before
        7.2.10 allows XSS via the body of a 'Transfer-Encoding:
        chunked' request, because the bucket brigade is
        mishandled in the php_handler function in
        sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)
    
      - The exif_convert_any_to_int function in ext/exif/exif.c
        in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x
        before 7.1.1 allows remote attackers to cause a denial
        of service (application crash) via crafted EXIF data
        that triggers an attempt to divide the minimum
        representable negative integer by -1.(CVE-2016-10158)
    
      - The exif_process_IFD_in_JPEG function in
        ext/exif/exif.c in PHP before 5.5.35, 5.6.x before
        5.6.21, and 7.x before 7.0.6 does not validate IFD
        sizes, which allows remote attackers to cause a denial
        of service (out-of-bounds read) or possibly have
        unspecified other impact via crafted header
        data.(CVE-2016-4543)
    
      - The exif_process_IFD_in_MAKERNOTE function in
        ext/exif/exif.c in PHP before 5.5.38, 5.6.x before
        5.6.24, and 7.x before 7.0.9 allows remote attackers to
        cause a denial of service (out-of-bounds array access
        and memory corruption), obtain sensitive information
        from process memory, or possibly have unspecified other
        impact via a crafted JPEG image.(CVE-2016-6291)
    
      - The exif_process_IFD_in_TIFF function in
        ext/exif/exif.c in PHP before 5.6.25 and 7.x before
        7.0.10 mishandles the case of a thumbnail offset that
        exceeds the file size, which allows remote attackers to
        obtain sensitive information from process memory via a
        crafted TIFF image.(CVE-2016-7128)
    
      - The exif_process_IFD_TAG function in ext/exif/exif.c in
        PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before
        7.0.6 does not properly construct spprintf arguments,
        which allows remote attackers to cause a denial of
        service (out-of-bounds read) or possibly have
        unspecified other impact via crafted header
        data.(CVE-2016-4542)
    
      - The exif_process_user_comment function in
        ext/exif/exif.c in PHP before 5.5.38, 5.6.x before
        5.6.24, and 7.x before 7.0.9 allows remote attackers to
        cause a denial of service (NULL pointer dereference and
        application crash) via a crafted JPEG
        image.(CVE-2016-6292)
    
      - The finish_nested_data function in
        ext/standard/var_unserializer.re in PHP before 5.6.31,
        7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to
        a buffer over-read while unserializing untrusted data.
        Exploitation of this issue can have an unspecified
        impact on the integrity of PHP.(CVE-2017-12933)
    
      - The get_icu_disp_value_src_php function in
        ext/intl/locale/locale_methods.c in PHP before 5.3.29,
        5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not
        properly restrict calls to the ICU uresbund.cpp
        component, which allows remote attackers to cause a
        denial of service (buffer overflow) or possibly have
        unspecified other impact via a locale_get_display_name
        call with a long first argument.(CVE-2014-9912)
    
      - The get_icu_value_internal function in
        ext/intl/locale/locale_methods.c in PHP before 5.5.36,
        5.6.x before 5.6.22, and 7.x before 7.0.7 does not
        ensure the presence of a '\0' character, which allows
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a crafted locale_get_primary_language
        call.(CVE-2016-5093)
    
      - The grapheme_stripos function in
        ext/intl/grapheme/grapheme_string.c in PHP before
        5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6
        allows remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset.(CVE-2016-4540)
    
      - The grapheme_strpos function in
        ext/intl/grapheme/grapheme_string.c in PHP before
        5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6
        allows remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset.(CVE-2016-4541)
    
      - The locale_accept_from_http function in
        ext/intl/locale/locale_methods.c in PHP before 5.5.38,
        5.6.x before 5.6.24, and 7.x before 7.0.9 does not
        properly restrict calls to the ICU
        uloc_acceptLanguageFromHTTP function, which allows
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a call with a long argument.(CVE-2016-6294)
    
      - The make_http_soap_request function in
        ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before
        5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4
        allows remote attackers to obtain sensitive information
        from process memory or cause a denial of service (type
        confusion and application crash) via crafted serialized
        _cookies data, related to the SoapClient::__call method
        in ext/soap/soap.c.(CVE-2016-3185)
    
      - The make_http_soap_request function in
        ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before
        5.5.28, and 5.6.x before 5.6.12 does not properly
        retrieve keys, which allows remote attackers to cause a
        denial of service (NULL pointer dereference, type
        confusion, and application crash) or possibly execute
        arbitrary code via crafted serialized data representing
        a numerically indexed _cookies array, related to the
        SoapClient::__call method in
        ext/soap/soap.c.(CVE-2015-8835)
    
      - The object_common1 function in
        ext/standard/var_unserializer.c in PHP before 5.6.30,
        7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows
        remote attackers to cause a denial of service (buffer
        over-read and application crash) via crafted serialized
        data that is mishandled in a finish_nested_data
        call.(CVE-2016-10161)
    
      - The odbc_bindcols function in ext/odbc/php_odbc.c in
        PHP before 5.6.12 mishandles driver behavior for
        SQL_WVARCHAR columns, which allows remote attackers to
        cause a denial of service (application crash) in
        opportunistic circumstances by leveraging use of the
        odbc_fetch_array function to access a certain type of
        Microsoft SQL Server table.(CVE-2015-8879)
    
      - The phar_convert_to_other function in
        ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x
        before 5.5.27, and 5.6.x before 5.6.11 does not
        validate a file pointer before a close operation, which
        allows remote attackers to cause a denial of service
        (segmentation fault) or possibly have unspecified other
        impact via a crafted TAR archive that is mishandled in
        a Phar::convertToData call.(CVE-2015-5589)
    
      - The phar_get_entry_data function in ext/phar/util.c in
        PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote
        attackers to cause a denial of service (NULL pointer
        dereference and application crash) via a .phar file
        with a crafted TAR archive entry in which the Link
        indicator references a file that does not
        exist.(CVE-2015-7803)
    
      - The phar_parse_zipfile function in zip.c in the PHAR
        extension in PHP before 5.5.33 and 5.6.x before 5.6.19
        allows remote attackers to obtain sensitive information
        from process memory or cause a denial of service
        (out-of-bounds read and application crash) by placing a
        PK\x05\x06 signature at an invalid
        location.(CVE-2016-3142)
    
      - The php_url_parse_ex function in ext/standard/url.c in
        PHP before 5.5.38 allows remote attackers to cause a
        denial of service (buffer over-read) or possibly have
        unspecified other impact via vectors involving the
        smart_str data type.(CVE-2016-6288)
    
      - The php_wddx_push_element function in ext/wddx/wddx.c
        in PHP before 5.6.26 and 7.x before 7.0.11 allows
        remote attackers to cause a denial of service (invalid
        pointer access and out-of-bounds read) or possibly have
        unspecified other impact via an incorrect boolean
        element in a wddxPacket XML document, leading to
        mishandling in a wddx_deserialize call.(CVE-2016-7418)
    
      - The php_wddx_push_element function in ext/wddx/wddx.c
        in PHP before 5.6.29 and 7.x before 7.0.14 allows
        remote attackers to cause a denial of service
        (out-of-bounds read and memory corruption) or possibly
        have unspecified other impact via an empty boolean
        element in a wddxPacket XML document.(CVE-2016-9935)
    
      - The sapi_header_op function in main/SAPI.c in PHP
        before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before
        5.6.6 supports deprecated line folding without
        considering browser compatibility, which allows remote
        attackers to conduct cross-site scripting (XSS) attacks
        against Internet Explorer by leveraging (1) %0A%20 or
        (2) %0D%0A%20 mishandling in the header
        function.(CVE-2015-8935)
    
      - The SplObjectStorage unserialize implementation in
        ext/spl/spl_observer.c in PHP before 7.0.12 does not
        verify that a key is an object, which allows remote
        attackers to execute arbitrary code or cause a denial
        of service (uninitialized memory access) via crafted
        serialized data.(CVE-2016-7480)
    
      - The xml_parse_into_struct function in ext/xml/xml.c in
        PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before
        7.0.6 allows remote attackers to cause a denial of
        service (buffer under-read and segmentation fault) or
        possibly have unspecified other impact via crafted XML
        data in the second argument, leading to a parser level
        of zero.(CVE-2016-4539)
    
      - The ZIP signature-verification feature in PHP before
        5.6.26 and 7.x before 7.0.11 does not ensure that the
        uncompressed_filesize field is large enough, which
        allows remote attackers to cause a denial of service
        (out-of-bounds memory access) or possibly have
        unspecified other impact via a crafted PHAR archive,
        related to ext/phar/util.c and
        ext/phar/zip.c.(CVE-2016-7414)
    
      - Use-after-free vulnerability in the SPL unserialize
        implementation in ext/spl/spl_array.c in PHP before
        5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12
        allows remote attackers to execute arbitrary code via
        crafted serialized data that triggers misuse of an
        array field.(CVE-2015-6832)
    
      - Use-after-free vulnerability in the spl_ptr_heap_insert
        function in ext/spl/spl_heap.c in PHP before 5.5.27 and
        5.6.x before 5.6.11 allows remote attackers to execute
        arbitrary code by triggering a failed
        SplMinHeap::compare operation.(CVE-2015-4116)
    
      - Use-after-free vulnerability in wddx.c in the WDDX
        extension in PHP before 5.5.33 and 5.6.x before 5.6.19
        allows remote attackers to cause a denial of service
        (memory corruption and application crash) or possibly
        have unspecified other impact by triggering a
        wddx_deserialize call on XML data containing a crafted
        var element.(CVE-2016-3141)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2649
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd44f4b5");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["php-5.4.16-42.h51",
            "php-cli-5.4.16-42.h51",
            "php-common-5.4.16-42.h51",
            "php-gd-5.4.16-42.h51",
            "php-ldap-5.4.16-42.h51",
            "php-mysql-5.4.16-42.h51",
            "php-odbc-5.4.16-42.h51",
            "php-pdo-5.4.16-42.h51",
            "php-pgsql-5.4.16-42.h51",
            "php-process-5.4.16-42.h51",
            "php-recode-5.4.16-42.h51",
            "php-soap-5.4.16-42.h51",
            "php-xml-5.4.16-42.h51",
            "php-xmlrpc-5.4.16-42.h51"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-A4D48D6FD6.NASL
    description**Version 2.2.2** Security related fixes : - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767) - Stack overflow with gdImageFillToBorder (CVE-2015-8874) - Integer Overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766) - NULL pointer Dereference at _gdScaleVert - Integer Overflow in gdImagePaletteToTrueColor() in heap overflow Numerous other fixes have been applied. The scale and rotation functions have been greatly improved as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92275
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92275
    titleFedora 24 : gd (2016-a4d48d6fd6)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-a4d48d6fd6.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92275);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-8874", "CVE-2016-5766", "CVE-2016-5767");
      script_xref(name:"FEDORA", value:"2016-a4d48d6fd6");
    
      script_name(english:"Fedora 24 : gd (2016-a4d48d6fd6)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "**Version 2.2.2**
    
    Security related fixes :
    
      - Integer Overflow in gdImagePaletteToTrueColor()
        resulting in heap overflow (CVE-2016-5767)
    
      - Stack overflow with gdImageFillToBorder (CVE-2015-8874)
    
      - Integer Overflow in _gd2GetHeader() resulting in heap
        overflow (CVE-2016-5766)
    
      - NULL pointer Dereference at _gdScaleVert
    
      - Integer Overflow in gdImagePaletteToTrueColor() in heap
        overflow
    
    Numerous other fixes have been applied. The scale and rotation
    functions have been greatly improved as well.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a4d48d6fd6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gd package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"gd-2.2.2-1.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-696.NASL
    descriptionThis update for php5 fixes the following issues : Security issues fixed : - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2016-06-09
    plugin id91531
    published2016-06-09
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91531
    titleopenSUSE Security Update : php5 (openSUSE-2016-696)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-696.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91531);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-4116", "CVE-2015-8873", "CVE-2015-8874", "CVE-2016-4342", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2016-696)");
      script_summary(english:"Check for the openSUSE-2016-696 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2016-4346: heap overflow in ext/standard/string.c
        (bsc#977994)
    
      - CVE-2016-4342: heap corruption in tar/zip/phar parser
        (bsc#977991)
    
      - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative
        scale causing heap buffer overflow corrupting _one_
        definition (bsc#978827)
    
      - CVE-2016-4539: Malformed input causes segmentation fault
        in xml_parse_into_struct() function (bsc#978828)
    
      - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read
        in zif_grapheme_stripos when given negative offset
        (bsc#978829)
    
      - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544:
        Out-of-bounds heap memory read in exif_read_data()
        caused by malformed input (bsc#978830)
    
      - CVE-2015-4116: Use-after-free vulnerability in the
        spl_ptr_heap_insert function (bsc#980366)
    
      - CVE-2015-8873: Stack consumption vulnerability in
        Zend/zend_exceptions.c (bsc#980373)
    
      - CVE-2015-8874: Stack consumption vulnerability in GD
        (bsc#980375)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=977991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=977994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=980366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=980373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=980375"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-debugsource-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-devel-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-json-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-json-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pear-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-debuginfo-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-5.5.14-50.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-debuginfo-5.5.14-50.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2987-1.NASL
    descriptionIt was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497) It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9709) It was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8874) It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877) Hans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-3074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91423
    published2016-06-01
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91423
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-2987-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2987-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91423);
      script_version("2.12");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2014-2497", "CVE-2014-9709", "CVE-2015-8874", "CVE-2015-8877", "CVE-2016-3074");
      script_xref(name:"USN", value:"2987-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-2987-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the GD library incorrectly handled certain
    color tables in XPM images. If a user or automated system were tricked
    into processing a specially crafted XPM image, an attacker could cause
    a denial of service. This issue only affected Ubuntu 12.04 LTS and
    Ubuntu 14.04 LTS. (CVE-2014-2497)
    
    It was discovered that the GD library incorrectly handled certain
    malformed GIF images. If a user or automated system were tricked into
    processing a specially crafted GIF image, an attacker could cause a
    denial of service. This issue only affected Ubuntu 12.04 LTS and
    Ubuntu 14.04 LTS. (CVE-2014-9709)
    
    It was discovered that the GD library incorrectly handled memory when
    using gdImageFillToBorder(). A remote attacker could possibly use this
    issue to cause a denial of service. (CVE-2015-8874)
    
    It was discovered that the GD library incorrectly handled memory when
    using gdImageScaleTwoPass(). A remote attacker could possibly use this
    issue to cause a denial of service. This issue only applied to Ubuntu
    14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877)
    
    Hans Jerry Illikainen discovered that the GD library incorrectly
    handled certain malformed GD images. If a user or automated system
    were tricked into processing a specially crafted GD image, an attacker
    could cause a denial of service or possibly execute arbitrary code.
    (CVE-2016-3074).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2987-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libgd2-noxpm, libgd2-xpm and / or libgd3 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgd2-noxpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgd2-xpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgd3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.10|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.10 / 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libgd2-noxpm", pkgver:"2.0.36~rc1~dfsg-6ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libgd2-xpm", pkgver:"2.0.36~rc1~dfsg-6ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libgd3", pkgver:"2.1.0-3ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libgd3", pkgver:"2.1.1-4ubuntu0.15.10.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libgd3", pkgver:"2.1.1-4ubuntu0.16.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgd2-noxpm / libgd2-xpm / libgd3");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_5_37.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.37. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the GD graphics library in the gdImageFillToBorder() function within file gd.c when handling crafted images that have an overly large negative coordinate. An unauthenticated, remote attacker can exploit this, via a crafted image, to crash processes linked against the library. (CVE-2015-8874) - An integer overflow condition exists in the _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5766) - An integer overflow condition exists in the gdImagePaletteToTrueColor() function within file ext/gd/libgd/gd.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5767) - A double-free error exists in the _php_mb_regex_ereg_replace_exec() function within file ext/mbstring/php_mbregex.c when handling a failed callback execution. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5768) - An integer overflow condition exists within file ext/mcrypt/mcrypt.c due to improper validation of user-supplied input when handling data values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5769) - An integer overflow condition exists within file ext/spl/spl_directory.c, triggered by an int/size_t type confusion error, that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5770) - A use-after-free error exists in the garbage collection algorithm within file ext/spl/spl_array.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5771) - A double-free error exists in the php_wddx_process_data() function within file ext/wddx/wddx.c when handling specially crafted XML content. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5772) - A use-after-free error exists in the garbage collection algorithm within file ext/zip/php_zip.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5773) - An integer overflow condition exists in the json_decode() and json_utf8_to_utf16() functions within file ext/standard/php_smart_str.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An out-of-bounds read error exists in the pass2_no_dither() function within file ext/gd/libgd/gd_topal.c that allows an unauthenticated, remote attacker to cause a denial of service condition or disclose memory contents. - An integer overflow condition exists within file ext/standard/string.c when handling string lengths due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. - A NULL pointer dereference flaw exists in the _gdScaleVert() function within file ext/gd/libgd/gd_interpolation.c that is triggered when handling _gdContributionsCalc return values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - An integer overflow condition exists in the nl2br() function within file ext/standard/string.c when handling new_length values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. - An integer overflow condition exists in multiple functions within file ext/standard/string.c when handling string values due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91897
    published2016-07-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91897
    titlePHP 5.5.x < 5.5.37 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91897);
      script_version("1.15");
      script_cvs_date("Date: 2019/03/27 13:17:50");
    
      script_cve_id(
        "CVE-2015-8874",
        "CVE-2016-5766",
        "CVE-2016-5767",
        "CVE-2016-5768",
        "CVE-2016-5769",
        "CVE-2016-5770",
        "CVE-2016-5771",
        "CVE-2016-5772",
        "CVE-2016-5773"
      );
      script_bugtraq_id(
        90714,
        91393,
        91395,
        91396,
        91397,
        91398,
        91399,
        91401,
        91403
      );
    
      script_name(english:"PHP 5.5.x < 5.5.37 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of PHP running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 5.5.x prior to 5.5.37. It is, therefore, affected by
    multiple vulnerabilities :
    
      - A denial of service vulnerability exists in the GD
        graphics library in the gdImageFillToBorder() function
        within file gd.c when handling crafted images that have
        an overly large negative coordinate. An unauthenticated,
        remote attacker can exploit this, via a crafted image,
        to crash processes linked against the library.
        (CVE-2015-8874)
    
      - An integer overflow condition exists in the
        _gd2GetHeader() function in file ext/gd/libgd/gd_gd2.c
        due to improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2016-5766)
    
      - An integer overflow condition exists in the
        gdImagePaletteToTrueColor() function within file
        ext/gd/libgd/gd.c due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to cause a denial of service condition
        or the execution of arbitrary code. (CVE-2016-5767)
    
      - A double-free error exists in the
        _php_mb_regex_ereg_replace_exec() function within file
        ext/mbstring/php_mbregex.c when handling a failed
        callback execution. An unauthenticated, remote attacker
        can exploit this to execute arbitrary code.
        (CVE-2016-5768)
    
      - An integer overflow condition exists within file
        ext/mcrypt/mcrypt.c due to improper validation of
        user-supplied input when handling data values. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2016-5769)
    
      - An integer overflow condition exists within file
        ext/spl/spl_directory.c, triggered by an int/size_t
        type confusion error, that allows an unauthenticated,
        remote attacker to have an unspecified impact.
        (CVE-2016-5770)
    
      - A use-after-free error exists in the garbage collection
        algorithm within file ext/spl/spl_array.c. An
        unauthenticated, remote attacker can exploit this to
        dereference already freed memory, resulting in the
        execution of arbitrary code. (CVE-2016-5771)
    
      - A double-free error exists in the
        php_wddx_process_data() function within file
        ext/wddx/wddx.c when handling specially crafted XML
        content. An unauthenticated, remote attacker
        can exploit this to execute arbitrary code.
        (CVE-2016-5772)
    
      - A use-after-free error exists in the garbage collection
        algorithm within file ext/zip/php_zip.c. An
        unauthenticated, remote attacker can exploit this to
        dereference already freed memory, resulting in the
        execution of arbitrary code. (CVE-2016-5773)
    
      - An integer overflow condition exists in the
        json_decode() and json_utf8_to_utf16() functions within
        file ext/standard/php_smart_str.h due to improper
        validation of user-supplied input. An unauthenticated,
        remote attacker can exploit this to cause a denial of
        service condition or the execution of arbitrary code.
    
      - An out-of-bounds read error exists in the
        pass2_no_dither() function within file
        ext/gd/libgd/gd_topal.c that allows an unauthenticated,
        remote attacker to cause a denial of service condition
        or disclose memory contents.
    
      - An integer overflow condition exists within file
        ext/standard/string.c when handling string lengths due
        to improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        have an unspecified impact.
    
      - A NULL pointer dereference flaw exists in the
        _gdScaleVert() function within file
        ext/gd/libgd/gd_interpolation.c that is triggered when
        handling _gdContributionsCalc return values. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition.
    
      - An integer overflow condition exists in the nl2br()
        function within file ext/standard/string.c when handling
        new_length values due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to have an unspecified impact.
    
      - An integer overflow condition exists in multiple
        functions within file ext/standard/string.c when
        handling string values due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to have an unspecified impact.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.5.37");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.5.37 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5768");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/01");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.5)?$")
      audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.5\.") audit(AUDIT_NOT_DETECT, "PHP version 5.5.x", port);
    
    if (version =~ "^5\.5\." && ver_compare(ver:version, fix:"5.5.37", strict:FALSE) < 0){
      security_report_v4(
      port  : port,
      extra :
        '\n  Version source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 5.5.37' +
        '\n',
      severity:SECURITY_HOLE
      );
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1842.NASL
    descriptionAccording to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-09-17
    plugin id128894
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128894
    titleEulerOS 2.0 SP2 : gd (EulerOS-SA-2019-1842)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128894);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2015-8874"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : gd (EulerOS-SA-2019-1842)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the gd package installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability :
    
      - Stack consumption vulnerability in GD in PHP before
        5.6.12 allows remote attackers to cause a denial of
        service via a crafted imagefilltoborder
        call.(CVE-2015-8874)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1842
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?49c13ddf");
      script_set_attribute(attribute:"solution", value:
    "Update the affected gd package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["gd-2.0.35-26.h5"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gd");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_6_12.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.12. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in file spl_dllist.c due to improper sanitization of input to the unserialize() function. An attacker can exploit this, by using a specially crafted SplDoublyLinkedList object, to deference freed memory and thus execute arbitrary code. - A use-after-free error exists in file spl_observer.c due to improper sanitization of input to the unserialize() function. An attacker can exploit this, by using a specially crafted SplObjectStorage object, to deference freed memory and thus execute arbitrary code. - A use-after-free error exists in file spl_array.c due to improper sanitization of input to the unserialize() function. An attacker can exploit this, by using a specially crafted SplArrayObject object, to deference freed memory and thus execute arbitrary code. - A flaw exists in file zend_exceptions.c due to the improper use of the function unserialize() during recursive method calls. A remote attacker can exploit this to crash an application using PHP. - A flaw exists in file zend_exceptions.c due to insufficient type checking by functions unserialize() and __toString(). A remote attacker can exploit this to cause a NULL pointer deference or unexpected method execution, thus causing an application using PHP to crash. - A path traversal flaw exists in file phar_object.c due to improper sanitization of user-supplied input. An attacker can exploit this to write arbitrary files. - Multiple type confusion flaws exist in the _call() method in file php_http.c when handling calls for zend_hash_get_current_key or
    last seen2020-06-01
    modified2020-06-02
    plugin id85300
    published2015-08-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85300
    titlePHP 5.6.x < 5.6.12 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85300);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-6831",
        "CVE-2015-6832",
        "CVE-2015-6833",
        "CVE-2015-8867",
        "CVE-2015-8874",
        "CVE-2015-8879"
      );
      script_bugtraq_id(
        76735,
        76737,
        76739,
        87481,
        90714,
        90842
      );
    
      script_name(english:"PHP 5.6.x < 5.6.12 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 5.6.x prior to 5.6.12. It is, therefore, affected by
    multiple vulnerabilities :
    
      - A use-after-free error exists in file spl_dllist.c due
        to improper sanitization of input to the unserialize()
        function. An attacker can exploit this, by using a
        specially crafted SplDoublyLinkedList object, to
        deference freed memory and thus execute arbitrary code.
    
      - A use-after-free error exists in file spl_observer.c due
        to improper sanitization of input to the unserialize()
        function. An attacker can exploit this, by using a 
        specially crafted SplObjectStorage object, to deference
        freed memory and thus execute arbitrary code.
    
      - A use-after-free error exists in file spl_array.c due
        to improper sanitization of input to the unserialize()
        function. An attacker can exploit this, by using a
        specially crafted SplArrayObject object, to deference
        freed memory and thus execute arbitrary code.
    
      - A flaw exists in file zend_exceptions.c due to the
        improper use of the function unserialize() during
        recursive method calls. A remote attacker can exploit
        this to crash an application using PHP.
    
      - A flaw exists in file zend_exceptions.c due to
        insufficient type checking by functions unserialize()
        and __toString(). A remote attacker can exploit this to
        cause a NULL pointer deference or unexpected method
        execution, thus causing an application using PHP to
        crash.
    
      - A path traversal flaw exists in file phar_object.c due
        to improper sanitization of user-supplied input. An
        attacker can exploit this to write arbitrary files.
    
      - Multiple type confusion flaws exist in the _call()
        method in file php_http.c when handling calls for
        zend_hash_get_current_key or 'Z*'. An attacker can
        exploit this to disclose memory contents or crash
        an application using PHP.
    
      - A dangling pointer error exists in file spl_array.c due
        to improper sanitization of input to the unserialize()
        function. An attacker can exploit this, by using a
        specially crafted SplDoublyLinkedList object, to gain
        control over a deallocated pointer and thus execute
        arbitrary code.
    
      - A flaw exists in the file gd.c due to the improper
        handling of images with large negative coordinates by
        the imagefilltoborder() function. An attacker can
        exploit this to cause a stack overflow, thus crashing
        an application using PHP.
    
      - A flaw exists in the file php_odbc.c when the
        odbc_fetch_array() function handles columns that are
        defined as NVARCHAR(MAX). An attacker can exploit this
        to crash an application using PHP.
    
      - The openssl_random_pseudo_bytes() function in file
        openssl.c does not generate sufficiently random numbers.
        This allows an attacker to more easily predict the
        results, thus allowing further attacks to be carried
        out.
    
      - A user-after-free error exists in the unserialize()
        function in spl_observer.c due to improper validation
        of user-supplied input. A remote attacker can exploit
        this to dereference already freed memory, potentially
        resulting in the execution of arbitrary code.
    
      - A type confusion flaw exists in the
        serialize_function_call() function in soap.c due to
        improper validation of input passed via the header
        field. A remote attacker can exploit this to execute
        arbitrary code.
    
      - A use-after-free error exists in the unserialize()
        function in spl_dllist.c that is triggered during the
        deserialization of user-supplied input. A remote
        attacker can exploit this to dereference already freed
        memory, potentially resulting in the execution of
        arbitrary code.
    
      - A user-after-free error exists in the gmp_unserialize()
        function in gmp.c due to improper validation of
        user-supplied input. A remote attacker can exploit this
        to dereference already freed memory, potentially
        resulting in the execution of arbitrary code.
    
      - An integer truncation flaw exists in the
        zend_hash_compare() function in zend_hash.c that is
        triggered when comparing arrays. A remote attacker can
        exploit this to cause arrays to be improperly matched
        during comparison.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.12");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2015/Aug/17");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2015/Aug/18");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2015/Aug/19");
      script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=69793");
      script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=70121");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.6.12 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6831");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/11");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port);
    
    if (version =~ "^5\.6\.([0-9]|1[01])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : '+source +
          '\n  Installed version : '+version +
          '\n  Fixed version     : 5.6.12' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1581-1.NASL
    descriptionThis update for php53 fixes the following issues : - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010) - CVE-2016-5094,CVE-2016-5095: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id91665
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91665
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1581-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91665);
      script_version("2.9");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2014-9767", "CVE-2015-4116", "CVE-2015-7803", "CVE-2015-8835", "CVE-2015-8838", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8879", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5114");
    
      script_name(english:"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php53 fixes the following issues :
    
      - CVE-2016-5093: A get_icu_value_internal out-of-bounds
        read could crash the php interpreter (bsc#982010)
    
      - CVE-2016-5094,CVE-2016-5095: Don't allow creating
        strings with lengths outside int range, avoids overflows
        (bsc#982011,bsc#982012)
    
      - CVE-2016-5096: A int/size_t confusion in fread could
        corrupt memory (bsc#982013)
    
      - CVE-2016-5114: A fpm_log.c memory leak and buffer
        overflow could leak information out of the php process
        or overwrite a buffer by 1 byte (bsc#982162)
    
      - CVE-2016-4346: A heap overflow was fixed in
        ext/standard/string.c (bsc#977994)
    
      - CVE-2016-4342: A heap corruption was fixed in
        tar/zip/phar parser (bsc#977991)
    
      - CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative
        scale causing heap buffer overflow corrupting _one_
        definition (bsc#978827)
    
      - CVE-2016-4539: Malformed input causes segmentation fault
        in xml_parse_into_struct() function (bsc#978828)
    
      - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read
        in zif_grapheme_stripos when given negative offset
        (bsc#978829)
    
      - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544:
        Out-of-bounds heap memory read in exif_read_data()
        caused by malformed input (bsc#978830)
    
      - CVE-2015-4116: Use-after-free vulnerability in the
        spl_ptr_heap_insert function (bsc#980366)
    
      - CVE-2015-8873: Stack consumption vulnerability in
        Zend/zend_exceptions.c (bsc#980373)
    
      - CVE-2015-8874: Stack consumption vulnerability in GD
        (bsc#980375)
    
      - CVE-2015-8879: odbc_bindcols function in
        ext/odbc/php_odbc.c mishandles driver behavior for
        SQL_WVARCHAR (bsc#981050)
    
    Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet
    shipped to SUSE Linux Enterprise Server 11 SP3 LTSS :
    
      - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM
        (bnc#973792).
    
      - CVE-2015-8835: SoapClient s_call method suffered from a
        type confusion issue that could have lead to crashes
        [bsc#973351]
    
      - CVE-2016-2554: A NULL pointer dereference in
        phar_get_fp_offset could lead to crashes. [bsc#968284]
    
      - CVE-2015-7803: A Stack overflow vulnerability when
        decompressing tar phar archives could potentially lead
        to code execution. [bsc#949961]
    
      - CVE-2016-3141: A use-after-free / double-free in the
        WDDX deserialization could lead to crashes or potential
        code execution. [bsc#969821]
    
      - CVE-2016-3142: An Out-of-bounds read in
        phar_parse_zipfile() could lead to crashes. [bsc#971912]
    
      - CVE-2014-9767: A directory traversal when extracting zip
        files was fixed that could lead to overwritten files.
        [bsc#971612]
    
      - CVE-2016-3185: A type confusion vulnerability in
        make_http_soap_request() could lead to crashes or
        potentially code execution. [bsc#971611]
    
      - CVE-2016-4073: A remote attacker could have caused
        denial of service, or possibly execute arbitrary code,
        due to incorrect handling of string length calculations
        in mb_strcut() (bsc#977003)
    
      - CVE-2015-8867: The PHP function
        openssl_random_pseudo_bytes() did not return
        cryptographically secure random bytes (bsc#977005)
    
      - CVE-2016-4070: The libxml_disable_entity_loader()
        setting was shared between threads, which could have
        resulted in XML external entity injection and entity
        expansion issues (bsc#976997)
    
      - CVE-2015-8866: A remote attacker could have caused
        denial of service due to incorrect handling of large
        strings in php_raw_url_encode() (bsc#976996)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=949961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=968284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971611"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=976996"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=976997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=977994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=981050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=982162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9767/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4116/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7803/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8838/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8866/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8867/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8873/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8874/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8879/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3141/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3142/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3185/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4070/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4073/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4342/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4346/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4538/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4539/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4540/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4541/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4543/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4544/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5093/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5094/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5095/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5096/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5114/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161581-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bc359603"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 5 :
    
    zypper in -t patch sleclo50sp3-php53-12611=1
    
    SUSE Manager Proxy 2.1 :
    
    zypper in -t patch slemap21-php53-12611=1
    
    SUSE Manager 2.1 :
    
    zypper in -t patch sleman21-php53-12611=1
    
    SUSE Linux Enterprise Software Development Kit 11-SP4 :
    
    zypper in -t patch sdksp4-php53-12611=1
    
    SUSE Linux Enterprise Server 11-SP4 :
    
    zypper in -t patch slessp4-php53-12611=1
    
    SUSE Linux Enterprise Server 11-SP3-LTSS :
    
    zypper in -t patch slessp3-php53-12611=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4 :
    
    zypper in -t patch dbgsp4-php53-12611=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3 :
    
    zypper in -t patch dbgsp3-php53-12611=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-mod_php53-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bcmath-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bz2-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-calendar-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ctype-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-curl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dba-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dom-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-exif-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fastcgi-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fileinfo-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ftp-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gd-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gettext-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gmp-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-iconv-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-intl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-json-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ldap-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mbstring-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mcrypt-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mysql-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-odbc-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-openssl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pcntl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pdo-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pear-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pgsql-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pspell-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-shmop-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-snmp-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-soap-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-suhosin-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvmsg-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvsem-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvshm-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-tokenizer-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-wddx-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlreader-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlrpc-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlwriter-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xsl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zip-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zlib-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-mod_php53-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bcmath-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bz2-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-calendar-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ctype-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-curl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dba-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dom-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-exif-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fastcgi-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fileinfo-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ftp-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gd-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gettext-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gmp-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-iconv-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-intl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-json-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ldap-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mbstring-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mcrypt-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mysql-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-odbc-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-openssl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pcntl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pdo-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pear-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pgsql-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pspell-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-shmop-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-snmp-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-soap-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-suhosin-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvmsg-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvsem-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvshm-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-tokenizer-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-wddx-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlreader-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlrpc-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlwriter-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xsl-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zip-5.3.17-71.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zlib-5.3.17-71.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-482.NASL
    descriptionIt was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call. For Debian 7
    last seen2020-03-17
    modified2016-05-20
    plugin id91264
    published2016-05-20
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91264
    titleDebian DLA-482-1 : libgd2 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-482-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91264);
      script_version("2.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2015-8874");
    
      script_name(english:"Debian DLA-482-1 : libgd2 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that there was a stack consumption vulnerability in
    the libgd2 graphics library which allowed remote attackers to cause a
    denial of service via a crafted imagefilltoborder call.
    
    For Debian 7 'Wheezy', this issue has been fixed in libgd2 version
    2.0.36~rc1~dfsg-6.1+deb7u3.
    
    We recommend that you upgrade your libgd2 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2016/05/msg00035.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/libgd2"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-noxpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-noxpm-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-xpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2-xpm-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libgd-tools", reference:"2.0.36~rc1~dfsg-6.1+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"libgd2-noxpm", reference:"2.0.36~rc1~dfsg-6.1+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"libgd2-noxpm-dev", reference:"2.0.36~rc1~dfsg-6.1+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"libgd2-xpm", reference:"2.0.36~rc1~dfsg-6.1+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"libgd2-xpm-dev", reference:"2.0.36~rc1~dfsg-6.1+deb7u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3587.NASL
    descriptionSeveral vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.
    last seen2020-06-01
    modified2020-06-02
    plugin id91364
    published2016-05-31
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91364
    titleDebian DSA-3587-1 : libgd2 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3587. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91364);
      script_version("2.10");
      script_cvs_date("Date: 2018/11/10 11:49:37");
    
      script_cve_id("CVE-2013-7456", "CVE-2015-8874", "CVE-2015-8877");
      script_xref(name:"DSA", value:"3587");
    
      script_name(english:"Debian DSA-3587-1 : libgd2 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in libgd2, a library for
    programmatic graphics creation and manipulation. A remote attacker can
    take advantage of these flaws to cause a denial-of-service against an
    application using the libgd2 library."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824627"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/libgd2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2016/dsa-3587"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libgd2 packages.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 2.1.0-5+deb8u3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgd2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libgd-dbg", reference:"2.1.0-5+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgd-dev", reference:"2.1.0-5+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgd-tools", reference:"2.1.0-5+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgd2-noxpm-dev", reference:"2.1.0-5+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgd2-xpm-dev", reference:"2.1.0-5+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgd3", reference:"2.1.0-5+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2438.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
    last seen2020-05-08
    modified2019-12-04
    plugin id131592
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131592
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131592);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2011-4718",
        "CVE-2014-9767",
        "CVE-2014-9912",
        "CVE-2015-5589",
        "CVE-2015-6831",
        "CVE-2015-6832",
        "CVE-2015-6833",
        "CVE-2015-7803",
        "CVE-2015-7804",
        "CVE-2015-8382",
        "CVE-2015-8835",
        "CVE-2015-8867",
        "CVE-2015-8874",
        "CVE-2015-8879",
        "CVE-2015-8935",
        "CVE-2016-10397",
        "CVE-2016-2554",
        "CVE-2016-3141",
        "CVE-2016-3142",
        "CVE-2016-3185",
        "CVE-2016-4070",
        "CVE-2016-4539",
        "CVE-2016-4540",
        "CVE-2016-4541",
        "CVE-2016-4542",
        "CVE-2016-4543",
        "CVE-2016-5093",
        "CVE-2016-5094",
        "CVE-2016-6288",
        "CVE-2016-6291",
        "CVE-2016-6292",
        "CVE-2016-6293",
        "CVE-2016-6294",
        "CVE-2016-7124",
        "CVE-2016-7125",
        "CVE-2016-7128",
        "CVE-2016-7411",
        "CVE-2016-7412",
        "CVE-2016-7414",
        "CVE-2016-7418",
        "CVE-2016-7480",
        "CVE-2016-9934",
        "CVE-2016-9935",
        "CVE-2017-11143",
        "CVE-2017-11144",
        "CVE-2017-11147",
        "CVE-2017-11628",
        "CVE-2017-12933",
        "CVE-2017-16642",
        "CVE-2017-7272",
        "CVE-2017-9224",
        "CVE-2017-9226",
        "CVE-2017-9227",
        "CVE-2017-9228",
        "CVE-2017-9229",
        "CVE-2018-10545",
        "CVE-2018-10547",
        "CVE-2018-14851",
        "CVE-2018-17082",
        "CVE-2018-5712",
        "CVE-2019-11040",
        "CVE-2019-11041",
        "CVE-2019-11042",
        "CVE-2019-11043"
      );
      script_bugtraq_id(
        61929,
        75974
      );
    
      script_name(english:"EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24
        and 7.3.x below 7.3.11 in certain configurations of FPM
        setup it is possible to cause FPM module to write past
        allocated buffers into the space reserved for FCGI
        protocol data, thus opening the possibility of remote
        code execution.(CVE-2019-11043)
    
      - The finish_nested_data function in
        ext/standard/var_unserializer.re in PHP before 5.6.31,
        7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to
        a buffer over-read while unserializing untrusted data.
        Exploitation of this issue can have an unspecified
        impact on the integrity of PHP.(CVE-2017-12933)
    
      - ext/standard/var_unserializer.c in PHP before 5.6.25
        and 7.x before 7.0.10 mishandles certain invalid
        objects, which allows remote attackers to cause a
        denial of service or possibly have unspecified other
        impact via crafted serialized data that leads to a (1)
        __destruct call or (2) magic method
        call.(CVE-2016-7124)
    
      - The match function in pcre_exec.c in PCRE before 8.37
        mishandles the
        /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi
        )abc)|((*ACCEPT)))/ pattern and related patterns
        involving (*ACCEPT), which allows remote attackers to
        obtain sensitive information from process memory or
        cause a denial of service (partially initialized memory
        and application crash) via a crafted regular
        expression, as demonstrated by a JavaScript RegExp
        object encountered by Konqueror, aka
        ZDI-CAN-2547.(CVE-2015-8382)
    
      - An issue was discovered in PHP before 5.6.33, 7.0.x
        before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before
        7.2.1. There is Reflected XSS on the PHAR 404 error
        page via the URI of a request for a .phar
        file.(CVE-2018-5712)
    
      - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP
        before 5.6.37, 7.0.x before 7.0.31, 7.1.x before
        7.1.20, and 7.2.x before 7.2.8 allows remote attackers
        to cause a denial of service (out-of-bounds read and
        application crash) via a crafted JPEG
        file.(CVE-2018-14851)
    
      - The SplObjectStorage unserialize implementation in
        ext/spl/spl_observer.c in PHP before 7.0.12 does not
        verify that a key is an object, which allows remote
        attackers to execute arbitrary code or cause a denial
        of service (uninitialized memory access) via crafted
        serialized data.(CVE-2016-7480)
    
      - ext/standard/var_unserializer.re in PHP before 5.6.26
        mishandles object-deserialization failures, which
        allows remote attackers to cause a denial of service
        (memory corruption) or possibly have unspecified other
        impact via an unserialize call that references a
        partially constructed object.(CVE-2016-7411)
    
      - The odbc_bindcols function in ext/odbc/php_odbc.c in
        PHP before 5.6.12 mishandles driver behavior for
        SQL_WVARCHAR columns, which allows remote attackers to
        cause a denial of service (application crash) in
        opportunistic circumstances by leveraging use of the
        odbc_fetch_array function to access a certain type of
        Microsoft SQL Server table.(CVE-2015-8879)
    
      - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x
        before 7.1.11, an error in the date extension's
        timelib_meridian handling of 'front of' and 'back of'
        directives could be used by attackers able to supply
        date strings to leak information from the interpreter,
        related to ext/date/lib/parse_date.c out-of-bounds
        reads affecting the php_parse_date function. NOTE: this
        is a different issue than
        CVE-2017-11145.(CVE-2017-16642)
    
      - The exif_process_IFD_in_JPEG function in
        ext/exif/exif.c in PHP before 5.5.35, 5.6.x before
        5.6.21, and 7.x before 7.0.6 does not validate IFD
        sizes, which allows remote attackers to cause a denial
        of service (out-of-bounds read) or possibly have
        unspecified other impact via crafted header
        data.(CVE-2016-4543)
    
      - The exif_process_IFD_TAG function in ext/exif/exif.c in
        PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before
        7.0.6 does not properly construct spprintf arguments,
        which allows remote attackers to cause a denial of
        service (out-of-bounds read) or possibly have
        unspecified other impact via crafted header
        data.(CVE-2016-4542)
    
      - The grapheme_strpos function in
        ext/intl/grapheme/grapheme_string.c in PHP before
        5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6
        allows remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset.(CVE-2016-4541)
    
      - The grapheme_stripos function in
        ext/intl/grapheme/grapheme_string.c in PHP before
        5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6
        allows remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a negative offset.(CVE-2016-4540)
    
      - The xml_parse_into_struct function in ext/xml/xml.c in
        PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before
        7.0.6 allows remote attackers to cause a denial of
        service (buffer under-read and segmentation fault) or
        possibly have unspecified other impact via crafted XML
        data in the second argument, leading to a parser level
        of zero.(CVE-2016-4539)
    
      - ** DISPUTED ** Integer overflow in the
        php_raw_url_encode function in ext/standard/url.c in
        PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before
        7.0.5 allows remote attackers to cause a denial of
        service (application crash) via a long string to the
        rawurlencode function. NOTE: the vendor says 'Not sure
        if this qualifies as security issue (probably
        not).'(CVE-2016-4070)
    
      - Use-after-free vulnerability in wddx.c in the WDDX
        extension in PHP before 5.5.33 and 5.6.x before 5.6.19
        allows remote attackers to cause a denial of service
        (memory corruption and application crash) or possibly
        have unspecified other impact by triggering a
        wddx_deserialize call on XML data containing a crafted
        var element.(CVE-2016-3141)
    
      - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect
        handling of various URI components in the URL parser
        could be used by attackers to bypass hostname-specific
        URL checks, as demonstrated by
        evil.example.com:80#@good.example.com/ and
        evil.example.com:[email protected]/ inputs to the
        parse_url function (implemented in the php_url_parse_ex
        function in ext/standard/url.c).(CVE-2016-10397)
    
      - Multiple use-after-free vulnerabilities in SPL in PHP
        before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before
        5.6.12 allow remote attackers to execute arbitrary code
        via vectors involving (1) ArrayObject, (2)
        SplObjectStorage, and (3) SplDoublyLinkedList, which
        are mishandled during unserialization.(CVE-2015-6831)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A heap out-of-bounds write occurs in
        bitset_set_range() during regular expression
        compilation due to an uninitialized variable from an
        incorrect state transition. An incorrect state
        transition in parse_char_class() could create an
        execution path that leaves a critical local variable
        uninitialized until it's used as an index, resulting in
        an out-of-bounds write memory
        corruption.(CVE-2017-9228)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A stack out-of-bounds read occurs in
        mbc_enc_len() during regular expression searching.
        Invalid handling of reg->dmin in forward_search_range()
        could result in an invalid pointer dereference, as an
        out-of-bounds read from a stack buffer.(CVE-2017-9227)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A heap out-of-bounds write or read
        occurs in next_state_val() during regular expression
        compilation. Octal numbers larger than 0xff are not
        handled correctly in fetch_token() and
        fetch_token_in_cc(). A malformed regular expression
        containing an octal number in the form of '\700' would
        produce an invalid code point value larger than 0xff in
        next_state_val(), resulting in an out-of-bounds write
        memory corruption.(CVE-2017-9226)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A stack out-of-bounds read occurs in
        match_at() during regular expression searching. A
        logical error involving order of validation and access
        in match_at() could result in an out-of-bounds read
        from a stack buffer.(CVE-2017-9224)
    
      - The exif_process_IFD_in_MAKERNOTE function in
        ext/exif/exif.c in PHP before 5.5.38, 5.6.x before
        5.6.24, and 7.x before 7.0.9 allows remote attackers to
        cause a denial of service (out-of-bounds array access
        and memory corruption), obtain sensitive information
        from process memory, or possibly have unspecified other
        impact via a crafted JPEG image.(CVE-2016-6291)
    
      - The php_url_parse_ex function in ext/standard/url.c in
        PHP before 5.5.38 allows remote attackers to cause a
        denial of service (buffer over-read) or possibly have
        unspecified other impact via vectors involving the
        smart_str data type.(CVE-2016-6288)
    
      - Integer overflow in the php_html_entities function in
        ext/standard/html.c in PHP before 5.5.36 and 5.6.x
        before 5.6.22 allows remote attackers to cause a denial
        of service or possibly have unspecified other impact by
        triggering a large output string from the
        htmlspecialchars function.(CVE-2016-5094)
    
      - The get_icu_value_internal function in
        ext/intl/locale/locale_methods.c in PHP before 5.5.36,
        5.6.x before 5.6.22, and 7.x before 7.0.7 does not
        ensure the presence of a '\0' character, which allows
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a crafted locale_get_primary_language
        call.(CVE-2016-5093)
    
      - In PHP before 5.6.31, an invalid free in the WDDX
        deserialization of boolean parameters could be used by
        attackers able to inject XML for deserialization to
        crash the PHP interpreter, related to an invalid free
        for an empty boolean element in
        ext/wddx/wddx.c.(CVE-2017-11143)
    
      - The php_wddx_push_element function in ext/wddx/wddx.c
        in PHP before 5.6.29 and 7.x before 7.0.14 allows
        remote attackers to cause a denial of service
        (out-of-bounds read and memory corruption) or possibly
        have unspecified other impact via an empty boolean
        element in a wddxPacket XML document.(CVE-2016-9935)
    
      - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before
        7.0.13 allows remote attackers to cause a denial of
        service (NULL pointer dereference) via crafted
        serialized data in a wddxPacket XML document, as
        demonstrated by a PDORow string.(CVE-2016-9934)
    
      - The ZIP signature-verification feature in PHP before
        5.6.26 and 7.x before 7.0.11 does not ensure that the
        uncompressed_filesize field is large enough, which
        allows remote attackers to cause a denial of service
        (out-of-bounds memory access) or possibly have
        unspecified other impact via a crafted PHAR archive,
        related to ext/phar/util.c and
        ext/phar/zip.c.(CVE-2016-7414)
    
      - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26
        and 7.x before 7.0.11 does not verify that a BIT field
        has the UNSIGNED_FLAG flag, which allows remote MySQL
        servers to cause a denial of service (heap-based buffer
        overflow) or possibly have unspecified other impact via
        crafted field metadata.(CVE-2016-7412)
    
      - An issue was discovered in Oniguruma 6.2.0, as used in
        Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP
        through 7.1.5. A SIGSEGV occurs in
        left_adjust_char_head() during regular expression
        compilation. Invalid handling of reg->dmax in
        forward_search_range() could result in an invalid
        pointer dereference, normally as an immediate
        denial-of-service condition.(CVE-2017-9229)
    
      - The openssl_random_pseudo_bytes function in
        ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x
        before 5.5.28, and 5.6.x before 5.6.12 incorrectly
        relies on the deprecated RAND_pseudo_bytes function,
        which makes it easier for remote attackers to defeat
        cryptographic protection mechanisms via unspecified
        vectors.(CVE-2015-8867)
    
      - The sapi_header_op function in main/SAPI.c in PHP
        before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before
        5.6.6 supports deprecated line folding without
        considering browser compatibility, which allows remote
        attackers to conduct cross-site scripting (XSS) attacks
        against Internet Explorer by leveraging (1) %0A%20 or
        (2) %0D%0A%20 mishandling in the header
        function.(CVE-2015-8935)
    
      - An issue was discovered in PHP before 5.6.35, 7.0.x
        before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before
        7.2.4. Dumpable FPM child processes allow bypassing
        opcache access controls because fpm_unix.c makes a
        PR_SET_DUMPABLE prctl call, allowing one user (in a
        multiuser environment) to obtain sensitive information
        from the process memory of a second user's PHP
        applications by running gcore on the PID of the PHP-FPM
        worker process.(CVE-2018-10545)
    
      - An issue was discovered in ext/phar/phar_object.c in
        PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before
        7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS
        on the PHAR 403 and 404 error pages via request data of
        a request for a .phar file. NOTE: this vulnerability
        exists because of an incomplete fix for
        CVE-2018-5712.(CVE-2018-10547)
    
      - The Apache2 component in PHP before 5.6.38, 7.0.x
        before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before
        7.2.10 allows XSS via the body of a 'Transfer-Encoding:
        chunked' request, because the bucket brigade is
        mishandled in the php_handler function in
        sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)
    
      - PHP through 7.1.11 enables potential SSRF in
        applications that accept an fsockopen or pfsockopen
        hostname argument with an expectation that the port
        number is constrained. Because a :port syntax is
        recognized, fsockopen will use the port number that is
        specified in the hostname argument, instead of the port
        number in the second argument of the
        function.(CVE-2017-7272 )
    
      - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x
        before 7.1.7, a stack-based buffer overflow in the
        zend_ini_do_op() function in Zend/zend_ini_parser.c
        could cause a denial of service or potentially allow
        executing code. NOTE: this is only relevant for PHP
        applications that accept untrusted input (instead of
        the system's php.ini file) for the parse_ini_string or
        parse_ini_file function, e.g., a web application for
        syntax validation of php.ini
        directives.(CVE-2017-11628)
    
      - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR
        archive handler could be used by attackers supplying
        malicious archive files to crash the PHP interpreter or
        potentially disclose information due to a buffer
        over-read in the phar_parse_pharfile function in
        ext/phar/phar.c.(CVE-2017-11147)
    
      - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x
        before 7.1.7, the openssl extension PEM sealing code
        did not check the return value of the OpenSSL sealing
        function, which could lead to a crash of the PHP
        interpreter, related to an interpretation conflict for
        a negative number in ext/openssl/openssl.c, and an
        OpenSSL documentation omission.(CVE-2017-11144)
    
      - The locale_accept_from_http function in
        ext/intl/locale/locale_methods.c in PHP before 5.5.38,
        5.6.x before 5.6.24, and 7.x before 7.0.9 does not
        properly restrict calls to the ICU
        uloc_acceptLanguageFromHTTP function, which allows
        remote attackers to cause a denial of service
        (out-of-bounds read) or possibly have unspecified other
        impact via a call with a long argument.(CVE-2016-6294)
    
      - Session fixation vulnerability in the Sessions
        subsystem in PHP before 5.5.2 allows remote attackers
        to hijack web sessions by specifying a session
        ID.(CVE-2011-4718)
    
      - Off-by-one error in the phar_parse_zipfile function in
        ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before
        5.6.14 allows remote attackers to cause a denial of
        service (uninitialized pointer dereference and
        application crash) by including the / filename in a
        .zip PHAR archive.(CVE-2015-7804)
    
      - The php_wddx_push_element function in ext/wddx/wddx.c
        in PHP before 5.6.26 and 7.x before 7.0.11 allows
        remote attackers to cause a denial of service (invalid
        pointer access and out-of-bounds read) or possibly have
        unspecified other impact via an incorrect boolean
        element in a wddxPacket XML document, leading to
        mishandling in a wddx_deserialize call.(CVE-2016-7418)
    
      - The exif_process_user_comment function in
        ext/exif/exif.c in PHP before 5.5.38, 5.6.x before
        5.6.24, and 7.x before 7.0.9 allows remote attackers to
        cause a denial of service (NULL pointer dereference and
        application crash) via a crafted JPEG
        image.(CVE-2016-6292)
    
      - The make_http_soap_request function in
        ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before
        5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4
        allows remote attackers to obtain sensitive information
        from process memory or cause a denial of service (type
        confusion and application crash) via crafted serialized
        _cookies data, related to the SoapClient::__call method
        in ext/soap/soap.c.(CVE-2016-3185)
    
      - Directory traversal vulnerability in the
        ZipArchive::extractTo function in ext/zip/php_zip.c in
        PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x
        before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before
        3.12.1 allows remote attackers to create arbitrary
        empty directories via a crafted ZIP
        archive.(CVE-2014-9767)
    
      - The phar_convert_to_other function in
        ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x
        before 5.5.27, and 5.6.x before 5.6.11 does not
        validate a file pointer before a close operation, which
        allows remote attackers to cause a denial of service
        (segmentation fault) or possibly have unspecified other
        impact via a crafted TAR archive that is mishandled in
        a Phar::convertToData call.(CVE-2015-5589)
    
      - Directory traversal vulnerability in the PharData class
        in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x
        before 5.6.12 allows remote attackers to write to
        arbitrary files via a .. (dot dot) in a ZIP archive
        entry that is mishandled during an extractTo
        call.(CVE-2015-6833)
    
      - The phar_get_entry_data function in ext/phar/util.c in
        PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote
        attackers to cause a denial of service (NULL pointer
        dereference and application crash) via a .phar file
        with a crafted TAR archive entry in which the Link
        indicator references a file that does not
        exist.(CVE-2015-7803)
    
      - Stack consumption vulnerability in GD in PHP before
        5.6.12 allows remote attackers to cause a denial of
        service via a crafted imagefilltoborder
        call.(CVE-2015-8874)
    
      - Stack-based buffer overflow in ext/phar/tar.c in PHP
        before 5.5.32, 5.6.x before 5.6.18, and 7.x before
        7.0.3 allows remote attackers to cause a denial of
        service (application crash) or possibly have
        unspecified other impact via a crafted TAR
        archive.(CVE-2016-2554)
    
      - The phar_parse_zipfile function in zip.c in the PHAR
        extension in PHP before 5.5.33 and 5.6.x before 5.6.19
        allows remote attackers to obtain sensitive information
        from process memory or cause a denial of service
        (out-of-bounds read and application crash) by placing a
        PK\x05\x06 signature at an invalid
        location.(CVE-2016-3142)
    
      - ext/session/session.c in PHP before 5.6.25 and 7.x
        before 7.0.10 skips invalid session names in a way that
        triggers incorrect parsing, which allows remote
        attackers to inject arbitrary-type session data by
        leveraging control of a session name, as demonstrated
        by object injection.(CVE-2016-7125)
    
      - The exif_process_IFD_in_TIFF function in
        ext/exif/exif.c in PHP before 5.6.25 and 7.x before
        7.0.10 mishandles the case of a thumbnail offset that
        exceeds the file size, which allows remote attackers to
        obtain sensitive information from process memory via a
        crafted TIFF image.(CVE-2016-7128)
    
      - The get_icu_disp_value_src_php function in
        ext/intl/locale/locale_methods.c in PHP before 5.3.29,
        5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not
        properly restrict calls to the ICU uresbund.cpp
        component, which allows remote attackers to cause a
        denial of service (buffer overflow) or possibly have
        unspecified other impact via a locale_get_display_name
        call with a long first argument.(CVE-2014-9912)
    
      - Use-after-free vulnerability in the SPL unserialize
        implementation in ext/spl/spl_array.c in PHP before
        5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12
        allows remote attackers to execute arbitrary code via
        crafted serialized data that triggers misuse of an
        array field.(CVE-2015-6832)
    
      - The make_http_soap_request function in
        ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before
        5.5.28, and 5.6.x before 5.6.12 does not properly
        retrieve keys, which allows remote attackers to cause a
        denial of service (NULL pointer dereference, type
        confusion, and application crash) or possibly execute
        arbitrary code via crafted serialized data representing
        a numerically indexed _cookies array, related to the
        SoapClient::__call method in
        ext/soap/soap.c.(CVE-2015-8835)
    
      - The uloc_acceptLanguageFromHTTP function in
        common/uloc.cpp in International Components for Unicode
        (ICU) through 57.1 for C/C++ does not ensure that there
        is a '\0' character at the end of a certain temporary
        array, which allows remote attackers to cause a denial
        of service (out-of-bounds read) or possibly have
        unspecified other impact via a call with a long
        httpAcceptLanguage argument.(CVE-2016-6293)
    
      - When PHP EXIF extension is parsing EXIF information
        from an image, e.g. via exif_read_data() function, in
        PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and
        7.3.x below 7.3.6 it is possible to supply it with data
        what will cause it to read past the allocated buffer.
        This may lead to information disclosure or
        crash.(CVE-2019-11040)
    
      - When PHP EXIF extension is parsing EXIF information
        from an image, e.g. via exif_read_data() function, in
        PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and
        7.3.x below 7.3.8 it is possible to supply it with data
        what will cause it to read past the allocated buffer.
        This may lead to information disclosure or
        crash.(CVE-2019-11041)
    
      - When PHP EXIF extension is parsing EXIF information
        from an image, e.g. via exif_read_data() function, in
        PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and
        7.3.x below 7.3.8 it is possible to supply it with data
        what will cause it to read past the allocated buffer.
        This may lead to information disclosure or
        crash.(CVE-2019-11042)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2438
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?72902c09");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["php-5.4.16-42.h63",
            "php-cli-5.4.16-42.h63",
            "php-common-5.4.16-42.h63",
            "php-gd-5.4.16-42.h63",
            "php-ldap-5.4.16-42.h63",
            "php-mysql-5.4.16-42.h63",
            "php-odbc-5.4.16-42.h63",
            "php-pdo-5.4.16-42.h63",
            "php-pgsql-5.4.16-42.h63",
            "php-process-5.4.16-42.h63",
            "php-recode-5.4.16-42.h63",
            "php-soap-5.4.16-42.h63",
            "php-xml-5.4.16-42.h63",
            "php-xmlrpc-5.4.16-42.h63"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1984.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912) - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116) - A flaw was found in the way the way PHP
    last seen2020-05-08
    modified2019-09-24
    plugin id129178
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129178
    titleEulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_66D77C583B1D11E68E82002590263BF5.NASL
    descriptionThe PHP Group reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id91839
    published2016-06-27
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91839
    titleFreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)

Redhat

advisories
rhsa
idRHSA-2016:2750
rpms
  • rh-php56-0:2.3-1.el6
  • rh-php56-0:2.3-1.el7
  • rh-php56-php-0:5.6.25-1.el6
  • rh-php56-php-0:5.6.25-1.el7
  • rh-php56-php-bcmath-0:5.6.25-1.el6
  • rh-php56-php-bcmath-0:5.6.25-1.el7
  • rh-php56-php-cli-0:5.6.25-1.el6
  • rh-php56-php-cli-0:5.6.25-1.el7
  • rh-php56-php-common-0:5.6.25-1.el6
  • rh-php56-php-common-0:5.6.25-1.el7
  • rh-php56-php-dba-0:5.6.25-1.el6
  • rh-php56-php-dba-0:5.6.25-1.el7
  • rh-php56-php-dbg-0:5.6.25-1.el6
  • rh-php56-php-dbg-0:5.6.25-1.el7
  • rh-php56-php-debuginfo-0:5.6.25-1.el6
  • rh-php56-php-debuginfo-0:5.6.25-1.el7
  • rh-php56-php-devel-0:5.6.25-1.el6
  • rh-php56-php-devel-0:5.6.25-1.el7
  • rh-php56-php-embedded-0:5.6.25-1.el6
  • rh-php56-php-embedded-0:5.6.25-1.el7
  • rh-php56-php-enchant-0:5.6.25-1.el6
  • rh-php56-php-enchant-0:5.6.25-1.el7
  • rh-php56-php-fpm-0:5.6.25-1.el6
  • rh-php56-php-fpm-0:5.6.25-1.el7
  • rh-php56-php-gd-0:5.6.25-1.el6
  • rh-php56-php-gd-0:5.6.25-1.el7
  • rh-php56-php-gmp-0:5.6.25-1.el6
  • rh-php56-php-gmp-0:5.6.25-1.el7
  • rh-php56-php-imap-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el7
  • rh-php56-php-ldap-0:5.6.25-1.el6
  • rh-php56-php-ldap-0:5.6.25-1.el7
  • rh-php56-php-mbstring-0:5.6.25-1.el6
  • rh-php56-php-mbstring-0:5.6.25-1.el7
  • rh-php56-php-mysqlnd-0:5.6.25-1.el6
  • rh-php56-php-mysqlnd-0:5.6.25-1.el7
  • rh-php56-php-odbc-0:5.6.25-1.el6
  • rh-php56-php-odbc-0:5.6.25-1.el7
  • rh-php56-php-opcache-0:5.6.25-1.el6
  • rh-php56-php-opcache-0:5.6.25-1.el7
  • rh-php56-php-pdo-0:5.6.25-1.el6
  • rh-php56-php-pdo-0:5.6.25-1.el7
  • rh-php56-php-pear-1:1.9.5-4.el6
  • rh-php56-php-pear-1:1.9.5-4.el7
  • rh-php56-php-pgsql-0:5.6.25-1.el6
  • rh-php56-php-pgsql-0:5.6.25-1.el7
  • rh-php56-php-process-0:5.6.25-1.el6
  • rh-php56-php-process-0:5.6.25-1.el7
  • rh-php56-php-pspell-0:5.6.25-1.el6
  • rh-php56-php-pspell-0:5.6.25-1.el7
  • rh-php56-php-recode-0:5.6.25-1.el6
  • rh-php56-php-recode-0:5.6.25-1.el7
  • rh-php56-php-snmp-0:5.6.25-1.el6
  • rh-php56-php-snmp-0:5.6.25-1.el7
  • rh-php56-php-soap-0:5.6.25-1.el6
  • rh-php56-php-soap-0:5.6.25-1.el7
  • rh-php56-php-tidy-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el7
  • rh-php56-php-xmlrpc-0:5.6.25-1.el6
  • rh-php56-php-xmlrpc-0:5.6.25-1.el7
  • rh-php56-runtime-0:2.3-1.el6
  • rh-php56-runtime-0:2.3-1.el7
  • rh-php56-scldevel-0:2.3-1.el6
  • rh-php56-scldevel-0:2.3-1.el7