Vulnerabilities > CVE-2016-7478 - Remote Denial Of Service vulnerability in PHP

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
php
nessus

Summary

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. <a href="http://cwe.mitre.org/data/definitions/835.html">CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a>

Vulnerable Configurations

Part Description Count
Application
Php
202

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-875.NASL
    descriptionSeveral issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. CVE-2016-7478: Zend/zend_exceptions.c in PHP allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. CVE-2016-7479: During the unserialization process, resizing the
    last seen2020-03-17
    modified2017-03-28
    plugin id99003
    published2017-03-28
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99003
    titleDebian DLA-875-1 : php5 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-875-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99003);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-7478", "CVE-2016-7479", "CVE-2017-7272");
    
      script_name(english:"Debian DLA-875-1 : php5 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several issues have been discovered in PHP (recursive acronym for PHP:
    Hypertext Preprocessor), a widely-used open source general-purpose
    scripting language that is especially suited for web development and
    can be embedded into HTML.
    
    CVE-2016-7478: Zend/zend_exceptions.c in PHP allows remote attackers
    to cause a denial of service (infinite loop) via a crafted Exception
    object in serialized data, a related issue to CVE-2015-8876.
    
    CVE-2016-7479: During the unserialization process, resizing the
    'properties' hash table of a serialized object may lead to
    use-after-free. A remote attacker may exploit this bug to gain the
    ability of arbitrary code execution. Even though the property table
    issue only affects PHP 7 this change also prevents a wide range of
    other __wakeup() based attacks.
    
    CVE-2017-7272: The fsockopen() function will use the port number which
    is defined in hostname instead of the port number passed to the second
    parameter of the function. This misbehavior may introduce another
    attack vector for an already known application vulnerability (e.g.
    Server Side Request Forgery).
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    5.4.45-0+deb7u8.
    
    We recommend that you upgrade your php5 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/03/msg00033.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/php5"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libphp5-embed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-interbase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sybase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libapache2-mod-php5", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"libapache2-mod-php5filter", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"libphp5-embed", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php-pear", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-cgi", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-cli", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-common", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-curl", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-dbg", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-dev", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-enchant", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-fpm", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-gd", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-gmp", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-imap", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-interbase", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-intl", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-ldap", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-mcrypt", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-mysql", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-mysqlnd", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-odbc", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-pgsql", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-pspell", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-recode", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-snmp", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-sqlite", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-sybase", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-tidy", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-xmlrpc", reference:"5.4.45-0+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"php5-xsl", reference:"5.4.45-0+deb7u8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3196-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97190
    published2017-02-15
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97190
    titleUbuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3196-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97190);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2014-9912", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-7478", "CVE-2016-7479", "CVE-2016-9137", "CVE-2016-9934", "CVE-2016-9935");
      script_xref(name:"USN", value:"3196-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that PHP incorrectly handled certain arguments to
    the locale_get_display_name function. A remote attacker could use this
    issue to cause PHP to crash, resulting in a denial of service, or
    possibly execute arbitrary code. (CVE-2014-9912)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to hang, resulting in a denial of service. (CVE-2016-7478)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-7479)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS.
    (CVE-2016-9137)
    
    It was discovered that PHP incorrectly handled unserializing certain
    wddxPacket XML documents. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service. (CVE-2016-9934)
    
    It was discovered that PHP incorrectly handled unserializing certain
    wddxPacket XML documents. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-9935)
    
    It was discovered that PHP incorrectly handled certain EXIF data. A
    remote attacker could use this issue to cause PHP to crash, resulting
    in a denial of service. (CVE-2016-10158)
    
    It was discovered that PHP incorrectly handled certain PHAR archives.
    A remote attacker could use this issue to cause PHP to crash or
    consume resources, resulting in a denial of service. (CVE-2016-10159)
    
    It was discovered that PHP incorrectly handled certain PHAR archives.
    A remote attacker could use this issue to cause PHP to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2016-10160)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service. (CVE-2016-10161).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3196-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libapache2-mod-php5", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cgi", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cli", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-fpm", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libapache2-mod-php5", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cgi", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cli", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-fpm", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1B61ECEFCDB911E6A9A5B499BAEBFEAF.NASL
    descriptionCheck Point reports : ... discovered 3 fresh and previously unknown vulnerabilities (CVE-2016-7479, CVE-2016-7480, CVE-2016-7478) in the PHP 7 unserialize mechanism. The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the website, from spreading malware to defacing it or stealing customer data. The last vulnerability generates a Denial of Service attack which basically hangs the website, exhausts its memory consumption, and shuts it down. The PHP security team issued fixes for two of the vulnerabilities on the 13th of October and 1st of December.
    last seen2020-06-01
    modified2020-06-02
    plugin id96292
    published2017-01-05
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96292
    titleFreeBSD : PHP -- multiple vulnerabilities (1b61ecef-cdb9-11e6-a9a5-b499baebfeaf)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96292);
      script_version("3.6");
      script_cvs_date("Date: 2018/11/10 11:49:45");
    
      script_cve_id("CVE-2016-7478", "CVE-2016-7479", "CVE-2016-7480");
    
      script_name(english:"FreeBSD : PHP -- multiple vulnerabilities (1b61ecef-cdb9-11e6-a9a5-b499baebfeaf)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Check Point reports :
    
    ... discovered 3 fresh and previously unknown vulnerabilities
    (CVE-2016-7479, CVE-2016-7480, CVE-2016-7478) in the PHP 7 unserialize
    mechanism.
    
    The first two vulnerabilities allow attackers to take full control
    over servers, allowing them to do anything they want with the website,
    from spreading malware to defacing it or stealing customer data.
    
    The last vulnerability generates a Denial of Service attack which
    basically hangs the website, exhausts its memory consumption, and
    shuts it down.
    
    The PHP security team issued fixes for two of the vulnerabilities on
    the 13th of October and 1st of December."
      );
      # http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?883c814d"
      );
      # https://vuxml.freebsd.org/freebsd/1b61ecef-cdb9-11e6-a9a5-b499baebfeaf.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8caefca3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php70");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"php70<7.0.14")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0534-1.NASL
    descriptionThis update for php7 fixes the following security issues : - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568) - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570) - CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the
    last seen2020-03-24
    modified2019-01-02
    plugin id119993
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119993
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0534-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119993);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2015-8876", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10166", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7478", "CVE-2016-7479", "CVE-2016-7480", "CVE-2016-9138", "CVE-2017-5340");
    
      script_name(english:"SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php7 fixes the following security issues :
    
      - CVE-2016-7480: The SplObjectStorage unserialize
        implementation in ext/spl/spl_observer.c in PHP did not
        verify that a key is an object, which allowed remote
        attackers to execute arbitrary code or cause a denial of
        service (uninitialized memory access) via crafted
        serialized data. (bsc#1019568)
    
      - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled
        certain cases that require large array allocations,
        which allowed remote attackers to execute arbitrary code
        or cause a denial of service (integer overflow,
        uninitialized memory access, and use of arbitrary
        destructor function pointers) via crafted serialized
        data. (bsc#1019570)
    
      - CVE-2016-7479: In all versions of PHP 7, during the
        unserialization process, resizing the 'properties' hash
        table of a serialized object may have lead to
        use-after-free. A remote attacker may exploit this bug
        to gain arbitrary code execution. (bsc#1019547)
    
      - CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed
        remote attackers to cause a denial of service (infinite
        loop) via a crafted Exception object in serialized data,
        a related issue to CVE-2015-8876. (bsc#1019550)
    
      - CVE-2016-10159: Integer overflow in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory consumption or application crash) via a
        truncated manifest entry in a PHAR archive.
        (bsc#1022255)
    
      - CVE-2016-10160: Off-by-one error in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory corruption) or possibly execute arbitrary code
        via a crafted PHAR archive with an alias mismatch.
        (bsc#1022257)
    
      - CVE-2016-10161: The object_common1 function in
        ext/standard/var_unserializer.c in PHP allowed remote
        attackers to cause a denial of service (buffer over-read
        and application crash) via crafted serialized data that
        is mishandled in a finish_nested_data call.
        (bsc#1022260)
    
      - CVE-2016-10162: The php_wddx_pop_element function in
        ext/wddx/wddx.c in PHP 7 allowed remote attackers to
        cause a denial of service (NULL pointer dereference and
        application crash) via an inapplicable class name in a
        wddxPacket XML document, leading to mishandling in a
        wddx_deserialize call. (bsc#1022262)
    
      - CVE-2016-10166: A potential unsigned underflow in gd
        interpolation functions could lead to memory corruption
        in the PHP gd module (bsc#1022263)
    
      - CVE-2016-10167: A denial of service problem in
        gdImageCreateFromGd2Ctx() could lead to php out of
        memory even on small files. (bsc#1022264)
    
      - CVE-2016-10168: A signed integer overflow in the gd
        module could lead to memory corruption (bsc#1022265)
    
      - CVE-2016-9138: PHP mishandled property modification
        during __wakeup processing, which allows remote
        attackers to cause a denial of service or possibly have
        unspecified other impact via crafted serialized data, as
        demonstrated by Exception::__toString with
        DateInterval::__wakeup. (bsc#1008026)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1008026"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022262"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022265"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10158/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10159/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10160/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10161/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10162/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10166/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10167/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10168/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7478/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7479/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7480/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9138/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5340/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170534-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f193c1ba"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-277=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-277=1
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2017-277=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debugsource-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-debuginfo-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-7.0.7-35.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-debuginfo-7.0.7-35.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php7");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0568-1.NASL
    descriptionThis update for php53 fixes the following security issues : - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97431
    published2017-02-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97431
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2017:0568-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0568-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97431);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10166", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7478");
    
      script_name(english:"SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0568-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php53 fixes the following security issues :
    
      - CVE-2016-7478: When unserializing untrusted input data,
        PHP could end up in an infinite loop, causing denial of
        service (bsc#1019550)
    
      - CVE-2016-10158: The exif_convert_any_to_int function in
        ext/exif/exif.c in PHP allowed remote attackers to cause
        a denial of service (application crash) via crafted EXIF
        data that triggers an attempt to divide the minimum
        representable negative integer by -1. (bsc#1022219)
    
      - CVE-2016-10159: Integer overflow in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory consumption or application crash) via a
        truncated manifest entry in a PHAR archive.
        (bsc#1022255)
    
      - CVE-2016-10160: Off-by-one error in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory corruption) or possibly execute arbitrary code
        via a crafted PHAR archive with an alias mismatch.
        (bsc#1022257)
    
      - CVE-2016-10161: The object_common1 function in
        ext/standard/var_unserializer.c in PHP allowed remote
        attackers to cause a denial of service (buffer over-read
        and application crash) via crafted serialized data that
        is mishandled in a finish_nested_data call.
        (bsc#1022260)
    
      - CVE-2016-10166: A potential unsigned underflow in gd
        interpolation functions could lead to memory corruption
        in the PHP gd module (bsc#1022263)
    
      - CVE-2016-10167: A denial of service problem in
        gdImageCreateFromGd2Ctx() could lead to php out of
        memory even on small files. (bsc#1022264)
    
      - CVE-2016-10168: A signed integer overflow in the gd
        module could lead to memory corruption (bsc#1022265)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022265"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10158/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10159/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10160/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10161/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10166/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10167/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10168/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7478/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170568-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2b284c6d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-php53-12997=1
    
    SUSE Manager Proxy 2.1:zypper in -t patch slemap21-php53-12997=1
    
    SUSE Manager 2.1:zypper in -t patch sleman21-php53-12997=1
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-php53-12997=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-php53-12997=1
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-php53-12997=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-php53-12997=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-php53-12997=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-php53-12997=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php53-zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-mod_php53-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bcmath-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-bz2-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-calendar-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ctype-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-curl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dba-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-dom-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-exif-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fastcgi-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-fileinfo-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ftp-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gd-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gettext-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-gmp-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-iconv-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-intl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-json-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-ldap-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mbstring-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mcrypt-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-mysql-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-odbc-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-openssl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pcntl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pdo-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pear-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pgsql-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-pspell-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-shmop-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-snmp-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-soap-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-suhosin-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvmsg-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvsem-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-sysvshm-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-tokenizer-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-wddx-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlreader-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlrpc-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xmlwriter-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-xsl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zip-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"php53-zlib-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-mod_php53-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bcmath-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-bz2-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-calendar-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ctype-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-curl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dba-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-dom-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-exif-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fastcgi-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-fileinfo-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ftp-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gd-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gettext-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-gmp-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-iconv-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-intl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-json-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-ldap-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mbstring-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mcrypt-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-mysql-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-odbc-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-openssl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pcntl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pdo-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pear-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pgsql-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-pspell-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-shmop-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-snmp-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-soap-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-suhosin-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvmsg-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvsem-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-sysvshm-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-tokenizer-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-wddx-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlreader-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlrpc-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xmlwriter-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-xsl-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zip-5.3.17-101.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"php53-zlib-5.3.17-101.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_6_28.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.28. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the parse_url() function due to returning the incorrect host. An unauthenticated, remote attacker can exploit this to have a multiple impacts depending on how the function is implemented, which can include bypassing authentication or conducting open redirection and server-side request forgery attacks. - An integer overflow condition exists in the _php_imap_mail() function in file ext/imap/php_imap.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. - A flaw exists in the bzcompress() function when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - An integer overflow condition exists in the gdImageAALine() function within file ext/gd/libgd/gd.c due to improper validation of line limit values. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds memory read or write, resulting in a denial of service condition, the disclosure of memory contents, or the execution of arbitrary code. - A denial of service flaw exists due to a flaw in Zend/zend_exceptions.c via a crafted Exception object in serialized data (CVE-2016-7478) - A Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library could lead to a denial of service condition. (CVE-2016-9933) - A denial of service flaw exists due to a flaw in ext/wddx/wddx.c via a crafted serialized data in a wddxPacket XML document. (CVE-2016-9934) Note that this software is reportedly affected by other vulnerabilities as well that have not been fixed yet in version 5.6.28.
    last seen2020-06-01
    modified2020-06-02
    plugin id94955
    published2016-11-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94955
    titlePHP 5.6.x < 5.6.28 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94955);
      script_version("1.15");
      script_cvs_date("Date: 2019/03/04 18:17:59");
    
      script_cve_id("CVE-2016-7478", "CVE-2016-9933", "CVE-2016-9934");
      script_bugtraq_id(94845, 94865, 95150);
    
      script_name(english:"PHP 5.6.x < 5.6.28 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of PHP running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 5.6.x prior to 5.6.28. It is, therefore, affected by
    multiple vulnerabilities :
    
      - A flaw exists in the parse_url() function due to
        returning the incorrect host. An unauthenticated, remote
        attacker can exploit this to have a multiple impacts
        depending on how the function is implemented, which can
        include bypassing authentication or conducting open
        redirection and server-side request forgery attacks.
    
      - An integer overflow condition exists in the
        _php_imap_mail() function in file ext/imap/php_imap.c
        when handling overly long strings. An unauthenticated,
        remote attacker can exploit this to cause a
        heap-based buffer overflow, resulting in a denial of
        service condition or the execution of arbitrary code.
    
      - A flaw exists in the bzcompress() function when handling
        overly long strings. An unauthenticated, remote attacker
        can exploit this to cause a denial of service condition.
    
      - An integer overflow condition exists in the
        gdImageAALine() function within file ext/gd/libgd/gd.c
        due to improper validation of line limit values. An
        unauthenticated, remote attacker can exploit this to
        cause an out-of-bounds memory read or write, resulting
        in a denial of service condition, the disclosure of
        memory contents, or the execution of arbitrary code.
    
      - A denial of service flaw exists due to a flaw in
        Zend/zend_exceptions.c via a crafted Exception object
        in serialized data (CVE-2016-7478)
    
      - A Stack consumption vulnerability in the
        gdImageFillToBorder function in gd.c in the GD Graphics
        Library could lead to a denial of service condition.
        (CVE-2016-9933)
    
      - A denial of service flaw exists due to a flaw in
        ext/wddx/wddx.c via a crafted serialized data in a
        wddxPacket XML document. (CVE-2016-9934)
    
    Note that this software is reportedly affected by other
    vulnerabilities as well that have not been fixed yet in version
    5.6.28.");
      script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.6.28");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.6.28 or later.
    
    Note that this software is reportedly affected by other
    vulnerabilities as well. Patches for these have been committed to the
    source code repository, but until they are incorporated into the next
    release of the software, manually installing an updated snapshot is
    the only known solution.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7478");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/18");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.6)?$")
      audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port);
    
    fix = "5.6.28";
    if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
    {
      report =
        '\n  Version source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyCGI abuses
    NASL idPHP_7_0_13.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.13. It is, therefore, affected by multiple vulnerabilities : - A stack consumption condition exists in the gdImageFillToBorder function of the gd.c script within the GD Graphics Library (libgd). An unauthenticated, remote attacker can exploit this issue, via a crafted call to imagefilltoborder using a negative color value, to cause the application to stop responding. (CVE-2016-9933) - A denial of service (DoS) vulnerability exists in the ext/wddx/wddx.c script. An unauthenticated, remote attacker can exploit this issue, via crafted serialized data in a wddxPacket XML document, to cause the application to stop responding. (CVE-2016-9934) - A flaw exists in the parse_url() function due to returning the incorrect host. An unauthenticated, remote attacker can exploit this to have a multiple impacts depending on how the function is implemented, which can include bypassing authentication or conducting open redirection and server-side request forgery attacks. - An integer overflow condition exists in the _php_imap_mail() function in file ext/imap/php_imap.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. - An integer overflow condition exists in the gdImageAALine() function within file ext/gd/libgd/gd.c due to improper validation of line limit values. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds memory read or write, resulting in a denial of service condition, the disclosure of memory contents, or the execution of arbitrary code. Note that this software is reportedly affected by other vulnerabilities as well that have not been fixed yet in version 7.0.13.
    last seen2020-04-30
    modified2016-11-18
    plugin id94956
    published2016-11-18
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94956
    titlePHP 7.0.x < 7.0.13 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94956);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/27");
    
      script_cve_id(
        "CVE-2016-7478",
        "CVE-2016-9933",
        "CVE-2016-9934"
      );
      script_bugtraq_id(94845, 94865);
    
      script_name(english:"PHP 7.0.x < 7.0.13 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of PHP running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 7.0.x prior to 7.0.13. It is, therefore, affected by
    multiple vulnerabilities :
    
      - A stack consumption condition exists in the
        gdImageFillToBorder function of the gd.c script within
        the GD Graphics Library (libgd). An unauthenticated,
        remote attacker can exploit this issue, via a crafted
        call to imagefilltoborder using a negative color value,
        to cause the application to stop responding.
        (CVE-2016-9933)
    
      - A denial of service (DoS) vulnerability exists in the
        ext/wddx/wddx.c script. An unauthenticated, remote
        attacker can exploit this issue, via crafted serialized
        data in a wddxPacket XML document, to cause the
        application to stop responding. (CVE-2016-9934)
    
      - A flaw exists in the parse_url() function due to
        returning the incorrect host. An unauthenticated, remote
        attacker can exploit this to have a multiple impacts
        depending on how the function is implemented, which can
        include bypassing authentication or conducting open
        redirection and server-side request forgery attacks.
    
      - An integer overflow condition exists in the
        _php_imap_mail() function in file ext/imap/php_imap.c
        when handling overly long strings. An unauthenticated,
        remote attacker can exploit this to cause a
        heap-based buffer overflow, resulting in a denial of
        service condition or the execution of arbitrary code.
    
      - An integer overflow condition exists in the
        gdImageAALine() function within file ext/gd/libgd/gd.c
        due to improper validation of line limit values. An
        unauthenticated, remote attacker can exploit this to
        cause an out-of-bounds memory read or write, resulting
        in a denial of service condition, the disclosure of
        memory contents, or the execution of arbitrary code.
    
    Note that this software is reportedly affected by other
    vulnerabilities as well that have not been fixed yet in version
    7.0.13.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.0.13");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 7.0.13 or later.
    
    Note that this software is reportedly affected by other
    vulnerabilities as well. Patches for these have been committed to the
    source code repository, but until they are incorporated into the next
    release of the software, manually installing an updated snapshot is
    the only known solution.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7478");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/18");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    vcf::php::initialize();
    
    port = get_http_port(default:80, php:TRUE);
    
    app_info = vcf::php::get_app_info(port:port);
    
    constraints = [
      { "min_version" : "7.0.0alpha0", "fixed_version" : "7.0.13" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1067.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.(CVE-2016-7478) - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.(CVE-2016-7417) - ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.(CVE-2016-4342) - The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML documenti1/4Z(CVE-2016-7129) - Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.(CVE-2016-6296) - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.(CVE-2016-6295) - ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.(CVE-2016-6290) - Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.(CVE-2016-6297) - The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-4343) - ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.(CVE-2016-7416) - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a i1/4oe (less than) character.(CVE-2016-7131) - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.(CVE-2016-7132) - The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML documenti1/4Z( CVE-2016-7130) - The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.(CVE-2016-7127) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-02
    plugin id99914
    published2017-05-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99914
    titleEulerOS 2.0 SP1 : php (EulerOS-SA-2017-1067)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99914);
      script_version("3.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2016-4342",
        "CVE-2016-4343",
        "CVE-2016-6290",
        "CVE-2016-6295",
        "CVE-2016-6296",
        "CVE-2016-6297",
        "CVE-2016-7127",
        "CVE-2016-7129",
        "CVE-2016-7130",
        "CVE-2016-7131",
        "CVE-2016-7132",
        "CVE-2016-7416",
        "CVE-2016-7417",
        "CVE-2016-7478"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : php (EulerOS-SA-2017-1067)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - Zend/zend_exceptions.c in PHP, possibly 5.x before
        5.6.28 and 7.x before 7.0.13, allows remote attackers
        to cause a denial of service (infinite loop) via a
        crafted Exception object in serialized data, a related
        issue to CVE-2015-8876.(CVE-2016-7478)
    
      - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before
        7.0.11 proceeds with SplArray unserialization without
        validating a return value and data type, which allows
        remote attackers to cause a denial of service or
        possibly have unspecified other impact via crafted
        serialized data.(CVE-2016-7417)
    
      - ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x
        before 5.6.18, and 7.x before 7.0.3 mishandles
        zero-length uncompressed data, which allows remote
        attackers to cause a denial of service (heap memory
        corruption) or possibly have unspecified other impact
        via a crafted (1) TAR, (2) ZIP, or (3) PHAR
        archive.(CVE-2016-4342)
    
      - The php_wddx_process_data function in ext/wddx/wddx.c
        in PHP before 5.6.25 and 7.x before 7.0.10 allows
        remote attackers to cause a denial of service
        (segmentation fault) or possibly have unspecified other
        impact via an invalid ISO 8601 time value, as
        demonstrated by a wddx_deserialize call that mishandles
        a dateTime element in a wddxPacket XML
        documenti1/4Z(CVE-2016-7129)
    
      - Integer signedness error in the simplestring_addn
        function in simplestring.c in xmlrpc-epi through
        0.54.2, as used in PHP before 5.5.38, 5.6.x before
        5.6.24, and 7.x before 7.0.9, allows remote attackers
        to cause a denial of service (heap-based buffer
        overflow) or possibly have unspecified other impact via
        a long first argument to the PHP xmlrpc_encode_request
        function.(CVE-2016-6296)
    
      - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before
        5.6.24, and 7.x before 7.0.9 improperly interacts with
        the unserialize implementation and garbage collection,
        which allows remote attackers to cause a denial of
        service (use-after-free and application crash) or
        possibly have unspecified other impact via crafted
        serialized data, a related issue to
        CVE-2016-5773.(CVE-2016-6295)
    
      - ext/session/session.c in PHP before 5.5.38, 5.6.x
        before 5.6.24, and 7.x before 7.0.9 does not properly
        maintain a certain hash data structure, which allows
        remote attackers to cause a denial of service
        (use-after-free) or possibly have unspecified other
        impact via vectors related to session
        deserialization.(CVE-2016-6290)
    
      - Integer overflow in the php_stream_zip_opener function
        in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x
        before 5.6.24, and 7.x before 7.0.9 allows remote
        attackers to cause a denial of service (stack-based
        buffer overflow) or possibly have unspecified other
        impact via a crafted zip:// URL.(CVE-2016-6297)
    
      - The phar_make_dirstream function in
        ext/phar/dirstream.c in PHP before 5.6.18 and 7.x
        before 7.0.3 mishandles zero-size ././@LongLink files,
        which allows remote attackers to cause a denial of
        service (uninitialized pointer dereference) or possibly
        have unspecified other impact via a crafted TAR
        archive.(CVE-2016-4343)
    
      - ext/intl/msgformat/msgformat_format.c in PHP before
        5.6.26 and 7.x before 7.0.11 does not properly restrict
        the locale length provided to the Locale class in the
        ICU library, which allows remote attackers to cause a
        denial of service (application crash) or possibly have
        unspecified other impact via a
        MessageFormatter::formatMessage call with a long first
        argument.(CVE-2016-7416)
    
      - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before
        7.0.10 allows remote attackers to cause a denial of
        service (NULL pointer dereference and application
        crash) or possibly have unspecified other impact via a
        malformed wddxPacket XML document that is mishandled in
        a wddx_deserialize call, as demonstrated by a tag that
        lacks a i1/4oe (less than) character.(CVE-2016-7131)
    
      - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before
        7.0.10 allows remote attackers to cause a denial of
        service (NULL pointer dereference and application
        crash) or possibly have unspecified other impact via an
        invalid wddxPacket XML document that is mishandled in a
        wddx_deserialize call, as demonstrated by a stray
        element inside a boolean element, leading to incorrect
        pop processing.(CVE-2016-7132)
    
      - The php_wddx_pop_element function in ext/wddx/wddx.c in
        PHP before 5.6.25 and 7.x before 7.0.10 allows remote
        attackers to cause a denial of service (NULL pointer
        dereference and application crash) or possibly have
        unspecified other impact via an invalid base64 binary
        value, as demonstrated by a wddx_deserialize call that
        mishandles a binary element in a wddxPacket XML
        documenti1/4Z( CVE-2016-7130)
    
      - The imagegammacorrect function in ext/gd/gd.c in PHP
        before 5.6.25 and 7.x before 7.0.10 does not properly
        validate gamma values, which allows remote attackers to
        cause a denial of service (out-of-bounds write) or
        possibly have unspecified other impact by providing
        different signs for the second and third
        arguments.(CVE-2016-7127)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1067
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?63b6a26f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["php-5.4.16-42.h27",
            "php-cli-5.4.16-42.h27",
            "php-common-5.4.16-42.h27",
            "php-gd-5.4.16-42.h27",
            "php-ldap-5.4.16-42.h27",
            "php-mysql-5.4.16-42.h27",
            "php-odbc-5.4.16-42.h27",
            "php-pdo-5.4.16-42.h27",
            "php-pgsql-5.4.16-42.h27",
            "php-process-5.4.16-42.h27",
            "php-recode-5.4.16-42.h27",
            "php-soap-5.4.16-42.h27",
            "php-xml-5.4.16-42.h27",
            "php-xmlrpc-5.4.16-42.h27"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0556-1.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119994
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119994
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2017:0556-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0556-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119994);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10166", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7478");
    
      script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0556-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
      - CVE-2016-7478: When unserializing untrusted input data,
        PHP could end up in an infinite loop, causing denial of
        service (bsc#1019550)
    
      - CVE-2016-10158: The exif_convert_any_to_int function in
        ext/exif/exif.c in PHP allowed remote attackers to cause
        a denial of service (application crash) via crafted EXIF
        data that triggers an attempt to divide the minimum
        representable negative integer by -1. (bsc#1022219)
    
      - CVE-2016-10159: Integer overflow in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory consumption or application crash) via a
        truncated manifest entry in a PHAR archive.
        (bsc#1022255)
    
      - CVE-2016-10160: Off-by-one error in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory corruption) or possibly execute arbitrary code
        via a crafted PHAR archive with an alias mismatch.
        (bsc#1022257)
    
      - CVE-2016-10161: The object_common1 function in
        ext/standard/var_unserializer.c in PHP allowed remote
        attackers to cause a denial of service (buffer over-read
        and application crash) via crafted serialized data that
        is mishandled in a finish_nested_data call.
        (bsc#1022260)
    
      - CVE-2016-10166: A potential unsigned underflow in gd
        interpolation functions could lead to memory corruption
        in the PHP gd module (bsc#1022263)
    
      - CVE-2016-10167: A denial of service problem in
        gdImageCreateFromGd2Ctx() could lead to php out of
        memory even on small files. (bsc#1022264)
    
      - CVE-2016-10168: A signed integer overflow in the gd
        module could lead to memory corruption (bsc#1022265)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022265"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10158/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10159/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10160/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10161/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10166/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10167/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10168/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7478/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170556-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d742508e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-293=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-293=1
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2017-293=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-96.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-96.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-304.NASL
    descriptionThis update for php7 fixes the following security issues : - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568) - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570) - CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the
    last seen2020-06-05
    modified2017-03-07
    plugin id97563
    published2017-03-07
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97563
    titleopenSUSE Security Update : php7 (openSUSE-2017-304)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-304.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97563);
      script_version("3.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-8876", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10166", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7478", "CVE-2016-7479", "CVE-2016-7480", "CVE-2016-9138", "CVE-2017-5340");
    
      script_name(english:"openSUSE Security Update : php7 (openSUSE-2017-304)");
      script_summary(english:"Check for the openSUSE-2017-304 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php7 fixes the following security issues :
    
      - CVE-2016-7480: The SplObjectStorage unserialize
        implementation in ext/spl/spl_observer.c in PHP did not
        verify that a key is an object, which allowed remote
        attackers to execute arbitrary code or cause a denial of
        service (uninitialized memory access) via crafted
        serialized data. (bsc#1019568)
    
      - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled
        certain cases that require large array allocations,
        which allowed remote attackers to execute arbitrary code
        or cause a denial of service (integer overflow,
        uninitialized memory access, and use of arbitrary
        destructor function pointers) via crafted serialized
        data. (bsc#1019570)
    
      - CVE-2016-7479: In all versions of PHP 7, during the
        unserialization process, resizing the 'properties' hash
        table of a serialized object may have lead to
        use-after-free. A remote attacker may exploit this bug
        to gain arbitrary code execution. (bsc#1019547)
    
      - CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed
        remote attackers to cause a denial of service (infinite
        loop) via a crafted Exception object in serialized data,
        a related issue to CVE-2015-8876. (bsc#1019550)
    
      - CVE-2016-10159: Integer overflow in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory consumption or application crash) via a
        truncated manifest entry in a PHAR archive.
        (bsc#1022255)
    
      - CVE-2016-10160: Off-by-one error in the
        phar_parse_pharfile function in ext/phar/phar.c in PHP
        allowed remote attackers to cause a denial of service
        (memory corruption) or possibly execute arbitrary code
        via a crafted PHAR archive with an alias mismatch.
        (bsc#1022257)
    
      - CVE-2016-10161: The object_common1 function in
        ext/standard/var_unserializer.c in PHP allowed remote
        attackers to cause a denial of service (buffer over-read
        and application crash) via crafted serialized data that
        is mishandled in a finish_nested_data call.
        (bsc#1022260)
    
      - CVE-2016-10162: The php_wddx_pop_element function in
        ext/wddx/wddx.c in PHP 7 allowed remote attackers to
        cause a denial of service (NULL pointer dereference and
        application crash) via an inapplicable class name in a
        wddxPacket XML document, leading to mishandling in a
        wddx_deserialize call. (bsc#1022262)
    
      - CVE-2016-10166: A potential unsigned underflow in gd
        interpolation functions could lead to memory corruption
        in the PHP gd module (bsc#1022263)
    
      - CVE-2016-10167: A denial of service problem in
        gdImageCreateFromGd2Ctx() could lead to php out of
        memory even on small files. (bsc#1022264)
    
      - CVE-2016-10168: A signed integer overflow in the gd
        module could lead to memory corruption (bsc#1022265)
    
      - CVE-2016-9138: PHP mishandled property modification
        during __wakeup processing, which allows remote
        attackers to cause a denial of service or possibly have
        unspecified other impact via crafted serialized data, as
        demonstrated by Exception::__toString with
        DateInterval::__wakeup. (bsc#1008026)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008026"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022262"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022265"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php7 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php7-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php7-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bcmath-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bcmath-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bz2-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bz2-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-calendar-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-calendar-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ctype-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ctype-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-curl-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-curl-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dba-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dba-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-debugsource-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-devel-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dom-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dom-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-enchant-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-enchant-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-exif-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-exif-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fastcgi-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fastcgi-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fileinfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fileinfo-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-firebird-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-firebird-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fpm-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fpm-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ftp-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ftp-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gd-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gd-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gettext-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gettext-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gmp-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gmp-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-iconv-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-iconv-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-imap-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-imap-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-intl-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-intl-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-json-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-json-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ldap-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ldap-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mbstring-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mbstring-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mcrypt-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mcrypt-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mysql-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mysql-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-odbc-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-odbc-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-opcache-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-opcache-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-openssl-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-openssl-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pcntl-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pcntl-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pdo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pdo-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pear-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pear-Archive_Tar-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pgsql-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pgsql-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-phar-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-phar-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-posix-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-posix-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pspell-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pspell-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-readline-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-readline-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-shmop-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-shmop-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-snmp-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-snmp-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-soap-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-soap-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sockets-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sockets-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sqlite-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sqlite-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvmsg-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvmsg-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvsem-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvsem-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvshm-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvshm-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tidy-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tidy-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tokenizer-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tokenizer-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-wddx-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-wddx-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlreader-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlreader-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlrpc-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlrpc-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlwriter-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlwriter-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xsl-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xsl-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zip-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zip-debuginfo-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zlib-7.0.7-12.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zlib-debuginfo-7.0.7-12.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1545.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4147) - An invalid free flaw was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id124998
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124998
    titleEulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124998);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2013-6420",
        "CVE-2015-2301",
        "CVE-2015-3307",
        "CVE-2015-3330",
        "CVE-2015-3411",
        "CVE-2015-4147",
        "CVE-2015-4600",
        "CVE-2016-7478",
        "CVE-2018-20783",
        "CVE-2019-9020",
        "CVE-2019-9021",
        "CVE-2019-9023",
        "CVE-2019-9024",
        "CVE-2019-9637",
        "CVE-2019-9640"
      );
      script_bugtraq_id(
        64225,
        73037,
        73357,
        74204,
        74413,
        74703,
        75255
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerabilities :
    
      - A flaws was discovered in the way PHP performed object
        unserialization. Specially crafted input processed by
        the unserialize() function could cause a PHP
        application to crash or, possibly, execute arbitrary
        code.(CVE-2015-4147)
    
      - An invalid free flaw was found in the way PHP's Phar
        extension parsed Phar archives. A specially crafted
        archive could cause PHP to crash or, possibly, execute
        arbitrary code when opened.(CVE-2015-3307)
    
      - A flaw was found in the way the PHP module for the
        Apache httpd web server handled pipelined requests. A
        remote attacker could use this flaw to trigger the
        execution of a PHP script in a deinitialized
        interpreter, causing it to crash or, possibly, execute
        arbitrary code.(CVE-2015-3330)
    
      - Multiple flaws were discovered in the way PHP's Soap
        extension performed object unserialization. Specially
        crafted input processed by the unserialize() function
        could cause a PHP application to disclose portion of
        its memory or crash.(CVE-2015-4600)
    
      - Zend/zend_exceptions.c in PHP, possibly 5.x before
        5.6.28 and 7.x before 7.0.13, allows remote attackers
        to cause a denial of service (infinite loop) via a
        crafted Exception object in serialized data, a related
        issue to CVE-2015-8876.(CVE-2016-7478)
    
      - It was found that certain PHP functions did not
        properly handle file names containing a NULL character.
        A remote attacker could possibly use this flaw to make
        a PHP script access unexpected files and bypass
        intended file system access
        restrictions.(CVE-2015-3411)
    
      - The asn1_time_to_time_t function in
        ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x
        before 5.4.23, and 5.5.x before 5.5.7 does not properly
        parse (1) notBefore and (2) notAfter timestamps in
        X.509 certificates, which allows remote attackers to
        execute arbitrary code or cause a denial of service
        (memory corruption) via a crafted certificate that is
        not properly handled by the openssl_x509_parse
        function.(CVE-2013-6420)
    
      - A use-after-free flaw was found in PHP's phar (PHP
        Archive) paths implementation. A malicious script
        author could possibly use this flaw to disclose certain
        portions of server memory.(CVE-2015-2301)
    
      - In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before
        7.1.25, and 7.2.x before 7.2.13, a buffer over-read in
        PHAR reading functions may allow an attacker to read
        allocated or unallocated memory past the actual data
        when trying to parse a .phar file. This is related to
        phar_parse_pharfile in ext/phar/phar.c.(CVE-2018-20783)
    
      - An issue was discovered in PHP before 5.6.40, 7.x
        before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before
        7.3.1. Invalid input to the function xmlrpc_decode()
        can lead to an invalid memory access (heap out of
        bounds read or read after free). This is related to
        xml_elem_parse_buf in
        ext/xmlrpc/libxmlrpc/xml_element.c.(CVE-2019-9020)
    
      - An issue was discovered in PHP before 5.6.40, 7.x
        before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before
        7.3.1. A heap-based buffer over-read in PHAR reading
        functions in the PHAR extension may allow an attacker
        to read allocated or unallocated memory past the actual
        data when trying to parse the file name, a different
        vulnerability than CVE-2018-20783. This is related to
        phar_detect_phar_fname_ext in
        ext/phar/phar.c.(CVE-2019-9021)
    
      - An issue was discovered in PHP before 5.6.40, 7.x
        before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before
        7.3.1. A heap-based buffer over-read in PHAR reading
        functions in the PHAR extension may allow an attacker
        to read allocated or unallocated memory past the actual
        data when trying to parse the file name, a different
        vulnerability than CVE-2018-20783. This is related to
        phar_detect_phar_fname_ext in
        ext/phar/phar.c.(CVE-2019-9023)
    
      - An issue was discovered in PHP before 5.6.40, 7.x
        before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before
        7.3.1. A heap-based buffer over-read in PHAR reading
        functions in the PHAR extension may allow an attacker
        to read allocated or unallocated memory past the actual
        data when trying to parse the file name, a different
        vulnerability than CVE-2018-20783. This is related to
        phar_detect_phar_fname_ext in
        ext/phar/phar.c.(CVE-2019-9024)
    
      - An issue was discovered in PHP before 7.1.27, 7.2.x
        before 7.2.16, and 7.3.x before 7.3.3. Due to the way
        rename() across filesystems is implemented, it is
        possible that file being renamed is briefly available
        with wrong permissions while the rename is ongoing,
        thus enabling unauthorized users to access the
        data.(CVE-2019-9637)
    
      - An issue was discovered in the EXIF component in PHP
        before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before
        7.3.3. There is an Invalid Read in
        exif_process_SOFn.(CVE-2019-9640)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1545
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5345f9f2");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["php-5.4.16-45.h9",
            "php-cli-5.4.16-45.h9",
            "php-common-5.4.16-45.h9"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1068.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.(CVE-2016-7478) - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.(CVE-2016-7417) - ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.(CVE-2016-4342) - The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML documenti1/4Z(CVE-2016-7129) - Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.(CVE-2016-6296) - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.(CVE-2016-6295) - ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.(CVE-2016-6290) - Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.(CVE-2016-6297) - The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-4343) - ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.(CVE-2016-7416) - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a i1/4oe (less than) character.(CVE-2016-7131) - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.(CVE-2016-7132) - The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML documenti1/4Z( CVE-2016-7130) - The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.(CVE-2016-7127) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-02
    plugin id99915
    published2017-05-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99915
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2017-1068)

The Hacker News

idTHN:ADC5E0B7C8DF1100E34C28AC74897A50
last seen2018-01-27
modified2016-12-29
published2016-12-28
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2016/12/php-7-update.html
title3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!