CVE-2016-9137 - Use After Free vulnerability in PHP

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, php, CWE-416, critical, nessus

Summary

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.

Vulnerable Configurations

Part         Description  Count
Application  Php          819

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1449.NASL
    description: This update for php5 fixes the following issues : - CVE-2016-9137: Use After Free in unserialize() (bsc#1008029) - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP
    last seen: 2020-06-05
    modified: 2016-12-13
    plugin id: 95755
    published: 2016-12-13
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/95755
    title: openSUSE Security Update : php5 (openSUSE-2016-1449)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1449.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95755);
      script_version("3.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5773", "CVE-2016-9137");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2016-1449)");
      script_summary(english:"Check for the openSUSE-2016-1449 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
      - CVE-2016-9137: Use After Free in unserialize()
        (bsc#1008029)
    
      - CVE-2016-5773: ZipArchive class Use After Free
        Vulnerability in PHP's GC (bsc#986247)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986247"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-debugsource-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-devel-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-json-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-json-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pear-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-debuginfo-5.5.14-68.3") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-debugsource-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-devel-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-json-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-json-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pear-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-debuginfo-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-5.5.14-69.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-debuginfo-5.5.14-69.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-788.NASL
    description: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834. (CVE-2016-9936)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96806
    published: 2017-01-27
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96806
    title: Amazon Linux AMI : php70 (ALAS-2017-788)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2017-788.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96806);
      script_version("3.2");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936");
      script_xref(name:"ALAS", value:"2017-788");
    
      script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-788)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SplObjectStorage unserialize implementation in
    ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key
    is an object, which allows remote attackers to execute arbitrary code
    or cause a denial of service (uninitialized memory access) via crafted
    serialized data. (CVE-2016-7480)
    
    Use-after-free vulnerability in the CURLFile implementation in
    ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers
    to cause a denial of service or possibly have unspecified other impact
    via crafted serialized data that is mishandled during __wakeup
    processing. (CVE-2016-9137)
    
    Stack consumption vulnerability in the gdImageFillToBorder function in
    gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in
    PHP 7.x before 7.0.13, allows remote attackers to cause a denial of
    service (segmentation violation) via a crafted imagefilltoborder call
    that triggers use of a negative color value. (CVE-2016-9933)
    
    ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to
    cause a denial of service (NULL pointer dereference) via crafted
    serialized data in a wddxPacket XML document, as demonstrated by a
    PDORow string. (CVE-2016-9934)
    
    The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x
    before 7.0.14 allows remote attackers to cause a denial of service
    (out-of-bounds read and memory corruption) or possibly have
    unspecified other impact via an empty boolean element in a wddxPacket
    XML document. (CVE-2016-9935)
    
    The unserialize implementation in ext/standard/var.c in PHP 7.x before
    7.0.14 allows remote attackers to cause a denial of service
    (use-after-free) or possibly have unspecified other impact via crafted
    serialized data. This vulnerability exists because of an incomplete
    fix for CVE-2015-6834 . (CVE-2016-9936)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2017-788.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php70' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php70-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-cli-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-common-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-dba-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-devel-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-gd-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-imap-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-intl-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-json-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-process-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-recode-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-soap-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-xml-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-zip-7.0.14-1.20.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc");
    }
    
  • NASL family: Misc.
    NASL id: SECURITYCENTER_PHP_5_6_27.NASL
    description: The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - A use-after-free error exists in the unserialize() function that allows an unauthenticated, remote attacker to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-9137) - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML() function within file ext/simplexml/simplexml.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - A heap-based buffer overflow condition exists in the php_ereg_replace() function within file ext/ereg/ereg.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - A flaw exists in the openssl_random_pseudo_bytes() function within file ext/openssl/openssl.c when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - A flaw exists in the openssl_encrypt() function within file ext/openssl/openssl.c when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - An integer overflow condition exists in the imap_8bit() function within file ext/imap/php_imap.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - A flaw exists in the _bc_new_num_ex() function within file ext/bcmath/libbcmath/src/init.c when handling values passed via the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101049
    published: 2017-06-26
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101049
    title: Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101049);
      script_version("1.7");
      script_cvs_date("Date: 2019/03/27 13:17:50");
    
      script_cve_id(
        "CVE-2016-9137"
      );
      script_bugtraq_id(
        93577
      );
    
      script_name(english:"Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP in SecurityCenter.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The Tenable SecurityCenter application on the remote host contains a
    PHP library that is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The Tenable SecurityCenter application installed on the remote host
    is missing a security patch. It is, therefore, affected by multiple
    vulnerabilities in the bundled version of PHP :
    
      - A use-after-free error exists in the unserialize()
        function that allows an unauthenticated, remote attacker
        to dereference already freed memory, resulting in the
        execution of arbitrary code. (CVE-2016-9137)
    
      - A NULL pointer dereference flaw exists in the
        SimpleXMLElement::asXML() function within file
        ext/simplexml/simplexml.c. An unauthenticated, remote
        attacker can exploit this to cause a denial of service
        condition.
    
      - A heap-based buffer overflow condition exists in the
        php_ereg_replace() function within file ext/ereg/ereg.c
        due to improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code.
    
      - A flaw exists in the openssl_random_pseudo_bytes()
        function within file ext/openssl/openssl.c when handling
        strings larger than 2GB. An unauthenticated, remote
        attacker can exploit this to cause a denial of service
        condition.
    
      - A flaw exists in the openssl_encrypt() function within
        file ext/openssl/openssl.c when handling strings larger
        than 2GB. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition.
    
      - An integer overflow condition exists in the
        imap_8bit() function within file ext/imap/php_imap.c due
        to improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code.
    
      - A flaw exists in the _bc_new_num_ex() function within
        file ext/bcmath/libbcmath/src/init.c when handling
        values passed via the 'scale' parameter. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition.
    
      - A flaw exists in the php_resolve_path() function within
        file main/fopen_wrappers.c when handling negative size
        values passed via the 'filename' parameter. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition.
    
      - A flaw exists in the dom_document_save_html() function
        within file ext/dom/document.c due to missing NULL
        checks. An unauthenticated, remote attacker can exploit
        this to cause a denial of service condition.
    
      - An integer overflow condition exists in the
        mb_encode_*() functions in file ext/mbstring/mbstring.c
        due to improper validation of the length of encoded
        data. An unauthenticated, remote attacker can exploit
        this to cause a denial of service condition or the
        execution of arbitrary code.
    
      - A NULL pointer dereference flaw exists in the
        CachingIterator() function within file
        ext/spl/spl_iterators.c when handling string
        conversions. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition.
    
      - An integer overflow condition exists in the
        number_format() function within file ext/standard/math.c
        when handling 'decimals' and 'dec_point' parameters that
        have values that are equal or close to 0x7fffffff. An
        unauthenticated, remote attacker can exploit this to
        cause a heap buffer overflow, resulting in a denial of
        service condition or the execution of arbitrary code.
    
      - A stack-based overflow condition exists in the
        ResourceBundle::create and ResourceBundle::getLocales
        methods and their respective functions within file
        ext/intl/resourcebundle/resourcebundle_class.c due to
        improper validation of input passed via the 'bundlename'
        parameter. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition or
        the execution of arbitrary code.
    
      - An integer overflow condition exists in the
        php_pcre_replace_impl() function within file
        ext/pcre/php_pcre.c due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to cause a heap-based buffer overflow,
        resulting in a denial of service condition or the
        execution of arbitrary code.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.27");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to SecurityCenter version 5.4.1 or later. Alternatively,
    contact the vendor for a patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"manual");
      script_set_attribute(attribute:"cvss_score_rationale", value:"Score based on analysis of the vendor advisory.");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("securitycenter_installed.nbin", "securitycenter_detect.nbin");
      script_require_keys("Host/SecurityCenter/Version", "installed_sw/SecurityCenter", "Host/SecurityCenter/support/php/version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    app = 'PHP (within SecurityCenter)';
    fix = "5.6.27";
    
    sc_ver = get_kb_item("Host/SecurityCenter/Version");
    port = 0;
    if(empty_or_null(sc_ver))
    {
      port = 443;
      install = get_single_install(app_name:"SecurityCenter", combined:TRUE, exit_if_unknown_ver:TRUE);
      sc_ver = install["version"];
    }
    if (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, "SecurityCenter");
    
    version = get_kb_item("Host/SecurityCenter/support/php/version");
    if (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);
    
    if (ver_compare(ver:version, minver:"5.6.0", fix:fix, strict:FALSE) < 0)
    {
      report =
        '\n  SecurityCenter version     : ' + sc_ver +
        '\n  SecurityCenter PHP version : ' + version +
        '\n  Fixed PHP version          : ' + fix +
        '\n';
      security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
      exit(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, app, version);
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3211-1.NASL
    description: It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97384
    published: 2017-02-24
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97384
    title: Ubuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3211-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97384);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-7479", "CVE-2016-9137", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-5340");
      script_xref(name:"USN", value:"3211-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-7479)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-9137)
    
    It was discovered that PHP incorrectly handled unserializing certain
    wddxPacket XML documents. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-9935)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-9936)
    
    It was discovered that PHP incorrectly handled certain EXIF data. A
    remote attacker could use this issue to cause PHP to crash, resulting
    in a denial of service. (CVE-2016-10158)
    
    It was discovered that PHP incorrectly handled certain PHAR archives.
    A remote attacker could use this issue to cause PHP to crash or
    consume resources, resulting in a denial of service. (CVE-2016-10159)
    
    It was discovered that PHP incorrectly handled certain PHAR archives.
    A remote attacker could use this issue to cause PHP to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2016-10160)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service. (CVE-2016-10161)
    
    It was discovered that PHP incorrectly handled unserializing certain
    wddxPacket XML documents. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service. (CVE-2016-10162)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2017-5340).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3211-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php7.0 / php7.0-cgi / php7.0-cli / php7.0-fpm");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1338.NASL
    description: This update for php5 fixes the following issues : - CVE-2016-9137: Fixed a use after free in unserialize() in curl file deserialization [boo#1008029]
    last seen: 2020-06-05
    modified: 2016-11-22
    plugin id: 95040
    published: 2016-11-22
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/95040
    title: openSUSE Security Update : php5 (openSUSE-2016-1338)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1338.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95040);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-9137");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2016-1338)");
      script_summary(english:"Check for the openSUSE-2016-1338 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
      - CVE-2016-9137: Fixed a use after free in unserialize()
        in curl file deserialization [boo#1008029]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008029"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-debugsource-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-devel-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-json-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pear-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-debuginfo-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-5.6.1-86.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-debuginfo-5.6.1-86.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-787.NASL
    description: A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution. (CVE-2016-8670) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP before 5.6.28 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96805
    published: 2017-01-27
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96805
    title: Amazon Linux AMI : php56 (ALAS-2017-787)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2017-787.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96805);
      script_version("3.2");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-8670", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935");
      script_xref(name:"ALAS", value:"2017-787");
    
      script_name(english:"Amazon Linux AMI : php56 (ALAS-2017-787)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was found in gd. Integer underflow in a calculation in
    dynamicGetbuf() was incorrectly handled, leading in some circumstances
    to an out of bounds write through a very large argument to memcpy().
    An attacker could create a crafted image that would lead to a crash
    or, potentially, code execution. (CVE-2016-8670)
    
    Use-after-free vulnerability in the CURLFile implementation in
    ext/curl/curl_file.c in PHP before 5.6.27 allows remote attackers to
    cause a denial of service or possibly have unspecified other impact
    via crafted serialized data that is mishandled during __wakeup
    processing. (CVE-2016-9137)
    
    Stack consumption vulnerability in the gdImageFillToBorder function in
    gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in
    PHP before 5.6.28, allows remote attackers to cause a denial of
    service (segmentation violation) via a crafted imagefilltoborder call
    that triggers use of a negative color value. (CVE-2016-9933)
    
    ext/wddx/wddx.c in PHP before 5.6.28 allows remote attackers to cause
    a denial of service (NULL pointer dereference) via crafted serialized
    data in a wddxPacket XML document, as demonstrated by a PDORow string.
    (CVE-2016-9934)
    
    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before
    5.6.29 allows remote attackers to cause a denial of service
    (out-of-bounds read and memory corruption) or possibly have
    unspecified other impact via an empty boolean element in a wddxPacket
    XML document. (CVE-2016-9935)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2017-787.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php56' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php56-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-cli-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-common-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dba-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-devel-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gd-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-imap-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-intl-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-process-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-recode-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-soap-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xml-5.6.29-1.131.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.29-1.131.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2941-1.NASL
    description: This update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-24
    modified: 2019-01-02
    plugin id: 119987
    published: 2019-01-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119987
    title: SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2941-1) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2941-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119987);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2016-5385", "CVE-2016-9137");
    
      script_name(english:"SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2941-1) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php7 fixes the following security issues :
    
      - CVE-2016-5385: Setting HTTP_PROXY environment variable
        via Proxy header (httpoxy) (bsc#988486).
    
      - CVE-2016-9137: Fixing a Use After Free in unserialize()
        (bsc#1008029).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1008029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=988486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5385/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9137/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162941-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ed95f03a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2016-1722=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2016-1722=1
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2016-1722=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debugsource-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-debuginfo-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-7.0.7-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-debuginfo-7.0.7-25.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php7");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1440.NASL
    description: This update for php7 fixes the following security issues:
      - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486).
      - CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029).
      This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2016-12-13
    plugin id: 95746
    published: 2016-12-13
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/95746
    title: openSUSE Security Update : php7 (openSUSE-2016-1440) (httpoxy)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1440.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95746);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5385", "CVE-2016-9137");
    
      script_name(english:"openSUSE Security Update : php7 (openSUSE-2016-1440) (httpoxy)");
      script_summary(english:"Check for the openSUSE-2016-1440 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php7 fixes the following security issues :
    
      - CVE-2016-5385: Setting HTTP_PROXY environment variable
        via Proxy header (httpoxy) (bsc#988486).
    
      - CVE-2016-9137: Fixing a Use After Free in unserialize()
        (bsc#1008029).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=988486"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php7 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php7-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php7-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bcmath-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bcmath-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bz2-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-bz2-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-calendar-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-calendar-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ctype-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ctype-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-curl-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-curl-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dba-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dba-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-debugsource-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-devel-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dom-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-dom-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-enchant-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-enchant-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-exif-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-exif-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fastcgi-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fastcgi-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fileinfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fileinfo-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-firebird-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-firebird-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fpm-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-fpm-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ftp-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ftp-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gd-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gd-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gettext-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gettext-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gmp-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-gmp-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-iconv-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-iconv-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-imap-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-imap-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-intl-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-intl-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-json-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-json-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ldap-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-ldap-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mbstring-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mbstring-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mcrypt-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mcrypt-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mysql-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-mysql-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-odbc-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-odbc-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-opcache-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-opcache-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-openssl-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-openssl-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pcntl-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pcntl-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pdo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pdo-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pear-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pear-Archive_Tar-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pgsql-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pgsql-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-phar-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-phar-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-posix-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-posix-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pspell-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-pspell-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-readline-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-readline-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-shmop-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-shmop-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-snmp-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-snmp-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-soap-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-soap-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sockets-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sockets-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sqlite-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sqlite-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvmsg-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvmsg-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvsem-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvsem-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvshm-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvshm-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tidy-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tidy-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tokenizer-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-tokenizer-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-wddx-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-wddx-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlreader-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlreader-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlrpc-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlrpc-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlwriter-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlwriter-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xsl-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-xsl-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zip-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zip-debuginfo-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zlib-7.0.7-6.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php7-zlib-debuginfo-7.0.7-6.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3211-2.NASL
    description: USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix.
      It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479)
      It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137)
      It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935)
      It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936)
      It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158)
      It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159)
      It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160)
      It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161)
      It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162)
      It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340).
      Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97521
    published: 2017-03-03
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97521
    title: Ubuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3211-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97521);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-7479", "CVE-2016-9137", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-5340");
      script_xref(name:"USN", value:"3211-2");
    
      script_name(english:"Ubuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
    upstream release. PHP 7.0.15 introduced a regression when using MySQL
    with large blobs. This update fixes the problem with a backported fix.
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-7479)
    
    It was discovered that PHP incorrectly handled certain
    invalid objects when unserializing data. A remote attacker
    could use this issue to cause PHP to crash, resulting in a
    denial of service, or possibly execute arbitrary code.
    (CVE-2016-9137)
    
    It was discovered that PHP incorrectly handled unserializing
    certain wddxPacket XML documents. A remote attacker could
    use this issue to cause PHP to crash, resulting in a denial
    of service, or possibly execute arbitrary code.
    (CVE-2016-9935)
    
    It was discovered that PHP incorrectly handled certain
    invalid objects when unserializing data. A remote attacker
    could use this issue to cause PHP to crash, resulting in a
    denial of service, or possibly execute arbitrary code.
    (CVE-2016-9936)
    
    It was discovered that PHP incorrectly handled certain EXIF
    data. A remote attacker could use this issue to cause PHP to
    crash, resulting in a denial of service. (CVE-2016-10158)
    
    It was discovered that PHP incorrectly handled certain PHAR
    archives. A remote attacker could use this issue to cause
    PHP to crash or consume resources, resulting in a denial of
    service. (CVE-2016-10159)
    
    It was discovered that PHP incorrectly handled certain PHAR
    archives. A remote attacker could use this issue to cause
    PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-10160)
    
    It was discovered that PHP incorrectly handled certain
    invalid objects when unserializing data. A remote attacker
    could use this issue to cause PHP to crash, resulting in a
    denial of service. (CVE-2016-10161)
    
    It was discovered that PHP incorrectly handled unserializing
    certain wddxPacket XML documents. A remote attacker could
    use this issue to cause PHP to crash, resulting in a denial
    of service. (CVE-2016-10162)
    
    It was discovered that PHP incorrectly handled certain
    invalid objects when unserializing data. A remote attacker
    could use this issue to cause PHP to crash, resulting in a
    denial of service, or possibly execute arbitrary code.
    (CVE-2017-5340).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3211-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php7.0 / php7.0-cgi / php7.0-cli / php7.0-fpm");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3196-1.NASL
    description: It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97190
    published: 2017-02-15
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97190
    title: Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3196-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97190);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2014-9912", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-7478", "CVE-2016-7479", "CVE-2016-9137", "CVE-2016-9934", "CVE-2016-9935");
      script_xref(name:"USN", value:"3196-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that PHP incorrectly handled certain arguments to
    the locale_get_display_name function. A remote attacker could use this
    issue to cause PHP to crash, resulting in a denial of service, or
    possibly execute arbitrary code. (CVE-2014-9912)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to hang, resulting in a denial of service. (CVE-2016-7478)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-7479)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS.
    (CVE-2016-9137)
    
    It was discovered that PHP incorrectly handled unserializing certain
    wddxPacket XML documents. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service. (CVE-2016-9934)
    
    It was discovered that PHP incorrectly handled unserializing certain
    wddxPacket XML documents. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2016-9935)
    
    It was discovered that PHP incorrectly handled certain EXIF data. A
    remote attacker could use this issue to cause PHP to crash, resulting
    in a denial of service. (CVE-2016-10158)
    
    It was discovered that PHP incorrectly handled certain PHAR archives.
    A remote attacker could use this issue to cause PHP to crash or
    consume resources, resulting in a denial of service. (CVE-2016-10159)
    
    It was discovered that PHP incorrectly handled certain PHAR archives.
    A remote attacker could use this issue to cause PHP to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2016-10160)
    
    It was discovered that PHP incorrectly handled certain invalid objects
    when unserializing data. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service. (CVE-2016-10161).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3196-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libapache2-mod-php5", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cgi", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cli", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-fpm", pkgver:"5.3.10-1ubuntu3.26")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libapache2-mod-php5", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cgi", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cli", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-fpm", pkgver:"5.5.9+dfsg-1ubuntu4.21")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3698.NASL
    description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.27, which includes additional bug fixes. Please refer to the upstream changelog for more information : https://php.net/ChangeLog-5.php#5.6.27
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94234
    published: 2016-10-25
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94234
    title: Debian DSA-3698-1 : php5 - security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2975-1.NASL
    description: This update for php5 fixes the following issues : - CVE-2016-9137: Use After Free in unserialize() (bsc#1008029) - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95535
    published: 2016-12-05
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95535
    title: SUSE SLED12 / SLES12 Security Update : php5 (SUSE-SU-2016:2975-1)
  • NASL family: Misc.
    NASL id: SECURITYCENTER_5_4_1.NASL
    description: According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052) - A cross-site scripting (XSS) vulnerability exists within the JQuery UI dialog() function due to improper validation of input to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96832
    published: 2017-01-27
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96832
    title: Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)