Vulnerabilities > CVE-2016-9934 - NULL Pointer Dereference vulnerability in PHP

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

php

CWE-476

nessus

NVD

Published: 2017-01-04

Updated: 2018-05-04

Summary

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP - PHP PHP 0.1 PHP PHP 0.1.1 PHP PHP 0.2 PHP PHP 0.2.0 PHP PHP 0.2.1 PHP PHP 0.2.2 PHP PHP 0.2.3 PHP PHP 0.2.4 PHP PHP 0.3 PHP PHP 0.4 PHP PHP 0.5 PHP PHP 0.5.2 PHP PHP 0.5.3 PHP PHP 0.6 PHP PHP 0.7 PHP PHP 0.9 PHP PHP 0.9.0 PHP PHP 0.9.1 PHP PHP 0.9.2 PHP PHP 0.9.3 PHP PHP 0.9.4 PHP PHP 0.10 PHP PHP 0.11 PHP PHP 0.90 PHP PHP 0.91 PHP PHP 1.0 PHP PHP 1.0.0 PHP PHP 1.0.1 PHP PHP 1.0.2 PHP PHP 1.0.3 PHP PHP 1.0.4 PHP PHP 1.1 PHP PHP 1.1.0 PHP PHP 1.1.1 PHP PHP 1.2 PHP PHP 1.2.0 PHP PHP 1.2.1 PHP PHP 1.2.2 PHP PHP 1.2.3 PHP PHP 1.2.4 PHP PHP 1.2.5 PHP PHP 1.3 PHP PHP 1.3.1 PHP PHP 1.3.5 PHP PHP 1.4 PHP PHP 1.5 PHP PHP 2.0 PHP PHP 2.0.0 PHP PHP 2.0.1 PHP PHP 2.0.2 PHP PHP 2.0B10 PHP PHP 3.0 PHP PHP 3.0.1 PHP PHP 3.0.2 PHP PHP 3.0.3 PHP PHP 3.0.4 PHP PHP 3.0.5 PHP PHP 3.0.6 PHP PHP 3.0.7 PHP PHP 3.0.8 PHP PHP 3.0.9 PHP PHP 3.0.10 PHP PHP 3.0.11 PHP PHP 3.0.12 PHP PHP 3.0.13 PHP PHP 3.0.14 PHP PHP 3.0.15 PHP PHP 3.0.16 PHP PHP 3.0.17 PHP PHP 3.0.18 PHP PHP 4.0 PHP PHP 4.0.0 PHP PHP 4.0.1 PHP PHP 4.0.2 PHP PHP 4.0.3 PHP PHP 4.0.4 PHP PHP 4.0.5 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.1.0 PHP PHP 4.1.1 PHP PHP 4.1.2 PHP PHP 4.1.3 PHP PHP 4.2 PHP PHP 4.2.0 PHP PHP 4.2.1 PHP PHP 4.2.2 PHP PHP 4.2.3 PHP PHP 4.2.4 PHP PHP 4.3 PHP PHP 4.3.0 PHP PHP 4.3.1 PHP PHP 4.3.2 PHP PHP 4.3.3 PHP PHP 4.3.4 PHP PHP 4.3.5 PHP PHP 4.3.6 PHP PHP 4.3.7 PHP PHP 4.3.8 PHP PHP 4.3.9 PHP PHP 4.3.10 PHP PHP 4.3.11 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 4.4.3 PHP PHP 4.4.4 PHP PHP 4.4.5 PHP PHP 4.4.6 PHP PHP 4.4.7 PHP PHP 4.4.8 PHP PHP 4.4.9 PHP PHP 5.0.0 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP PHP 5.1.4 PHP PHP 5.1.5 PHP PHP 5.1.6 PHP PHP 5.2.0 PHP PHP 5.2.1 PHP PHP 5.2.2 PHP PHP 5.2.3 PHP PHP 5.2.4 PHP PHP 5.2.5 PHP PHP 5.2.6 PHP PHP 5.2.7 PHP PHP 5.2.8 PHP PHP 5.2.9 PHP PHP 5.2.10 PHP PHP 5.2.11 PHP PHP 5.2.12 PHP PHP 5.2.13 PHP PHP 5.2.14 PHP PHP 5.2.15 PHP PHP 5.2.16 PHP PHP 5.2.17 PHP PHP 5.3.0 PHP PHP 5.3.1 PHP PHP 5.3.2 PHP PHP 5.3.3 PHP PHP 5.3.4 PHP PHP 5.3.5 PHP PHP 5.3.6 PHP PHP 5.3.7 PHP PHP 5.3.8 PHP PHP 5.3.9 PHP PHP 5.3.10 PHP PHP 5.3.11 PHP PHP 5.3.12 PHP PHP 5.3.13 PHP PHP 5.3.14 PHP PHP 5.3.15 PHP PHP 5.3.16 PHP PHP 5.3.17 PHP PHP 5.3.18 PHP PHP 5.3.19 PHP PHP 5.3.20 PHP PHP 5.3.21 PHP PHP 5.3.22 PHP PHP 5.3.23 PHP PHP 5.3.24 PHP PHP 5.3.25 PHP PHP 5.3.26 PHP PHP 5.3.27 PHP PHP 5.3.28 PHP PHP 5.3.29 PHP PHP 5.4.0 PHP PHP 5.4.1 PHP PHP 5.4.2 PHP PHP 5.4.3 PHP PHP 5.4.4 PHP PHP 5.4.5 PHP PHP 5.4.6 PHP PHP 5.4.7 PHP PHP 5.4.8 PHP PHP 5.4.9 PHP PHP 5.4.10 PHP PHP 5.4.11 PHP PHP 5.4.12 PHP PHP 5.4.13 PHP PHP 5.4.14 PHP PHP 5.4.15 PHP PHP 5.4.16 PHP PHP 5.4.17 PHP PHP 5.4.18 PHP PHP 5.4.19 PHP PHP 5.4.20 PHP PHP 5.4.21 PHP PHP 5.4.22 PHP PHP 5.4.23 PHP PHP 5.4.24 PHP PHP 5.4.25 PHP PHP 5.4.26 PHP PHP 5.4.27 PHP PHP 5.4.28 PHP PHP 5.4.29 PHP PHP 5.4.30 PHP PHP 5.4.31 PHP PHP 5.4.32 PHP PHP 5.4.33 PHP PHP 5.4.34 PHP PHP 5.4.35 PHP PHP 5.4.36 PHP PHP 5.4.37 PHP PHP 5.4.38 PHP PHP 5.4.39 PHP PHP 5.4.40 PHP PHP 5.4.41 PHP PHP 5.4.42 PHP PHP 5.4.43 PHP PHP 5.4.44 PHP PHP 5.4.45 PHP PHP 5.5.0 PHP PHP 5.5.1 PHP PHP 5.5.2 PHP PHP 5.5.3 PHP PHP 5.5.4 PHP PHP 5.5.5 PHP PHP 5.5.6 PHP PHP 5.5.7 PHP PHP 5.5.8 PHP PHP 5.5.9 PHP PHP 5.5.10 PHP PHP 5.5.11 PHP PHP 5.5.12 PHP PHP 5.5.13 PHP PHP 5.5.14 PHP PHP 5.5.15 PHP PHP 5.5.16 PHP PHP 5.5.17 PHP PHP 5.5.18 PHP PHP 5.5.19 PHP PHP 5.5.20 PHP PHP 5.5.21 PHP PHP 5.5.22 PHP PHP 5.5.23 PHP PHP 5.5.24 PHP PHP 5.5.25 PHP PHP 5.5.26 PHP PHP 5.5.27 PHP PHP 5.5.28 PHP PHP 5.5.29 PHP PHP 5.5.30 PHP PHP 5.5.31 PHP PHP 5.5.32 PHP PHP 5.5.33 PHP PHP 5.5.34 PHP PHP 5.5.35 PHP PHP 5.5.36 PHP PHP 5.5.37 PHP PHP 5.5.38 PHP PHP 5.6.0 PHP PHP 5.6.1 PHP PHP 5.6.2 PHP PHP 5.6.3 PHP PHP 5.6.4 PHP PHP 5.6.5 PHP PHP 5.6.6 PHP PHP 5.6.7 PHP PHP 5.6.8 PHP PHP 5.6.9 PHP PHP 5.6.10 PHP PHP 5.6.11 PHP PHP 5.6.12 PHP PHP 5.6.13 PHP PHP 5.6.14 PHP PHP 5.6.15 PHP PHP 5.6.16 PHP PHP 5.6.17 PHP PHP 5.6.18 PHP PHP 5.6.19 PHP PHP 5.6.20 PHP PHP 5.6.21 PHP PHP 5.6.22 PHP PHP 5.6.23 PHP PHP 5.6.24 PHP PHP 5.6.25 PHP PHP 5.6.26 PHP PHP 5.6.27 PHP PHP 7.0.0 PHP PHP 7.0.1 PHP PHP 7.0.2 PHP PHP 7.0.3 PHP PHP 7.0.4 PHP PHP 7.0.5 PHP PHP 7.0.6 PHP PHP 7.0.7 PHP PHP 7.0.8 PHP PHP 7.0.9 PHP PHP 7.0.10 PHP PHP 7.0.11 PHP PHP 7.0.12	819

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-308.NASL
description	This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2017-03-07
plugin id	97566
published	2017-03-07
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/97566
title	openSUSE Security Update : php5 (openSUSE-2017-308)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-308. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(97566); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935"); script_name(english:"openSUSE Security Update : php5 (openSUSE-2017-308)"); script_summary(english:"Check for the openSUSE-2017-308 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015187" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015189" ); script_set_attribute(attribute:"solution", value:"Update the affected php5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1\|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-debugsource-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-devel-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-json-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-json-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pear-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debugsource-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-devel-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pear-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-debuginfo-5.5.14-75.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc"); }

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2016-347-03.NASL
description	New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95725
published	2016-12-13
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/95725
title	Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2016-347-03. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(95725); script_version("$Revision: 3.2 $"); script_cvs_date("$Date: 2017/09/21 13:38:14 $"); script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935"); script_xref(name:"SSA", value:"2016-347-03"); script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.429698 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?349e3a10" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.2", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-788.NASL
description	The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)
last seen	2020-06-01
modified	2020-06-02
plugin id	96806
published	2017-01-27
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96806
title	Amazon Linux AMI : php70 (ALAS-2017-788)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-788. # include("compat.inc"); if (description) { script_id(96806); script_version("3.2"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936"); script_xref(name:"ALAS", value:"2017-788"); script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-788)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-788.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php70' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php70-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-cli-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-common-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dba-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-devel-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gd-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-imap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-intl-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-json-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-process-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-recode-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-soap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xml-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-zip-7.0.14-1.20.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-818.NASL
description	Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. - CVE-2016-2554 Stack-based buffer overflow in ext/phar/tar.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. - CVE-2016-3141 Use-after-free vulnerability in wddx.c in the WDDX extension allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. - CVE-2016-3142 The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. - CVE-2016-4342 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. - CVE-2016-9934 ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. - CVE-2016-9935 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. - CVE-2016-10158 The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. - CVE-2016-10159 Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. - CVE-2016-10160 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. - CVE-2016-10161 The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. - BUG-71323.patch Output of stream_get_meta_data can be falsified by its input - BUG-70979.patch Crash on bad SOAP request - BUG-71039.patch exec functions ignore length but look for NULL termination - BUG-71459.patch Integer overflow in iptcembed() - BUG-71391.patch NULL pointer Dereference in phar_tar_setupmetadata() - BUG-71335.patch Type confusion vulnerability in WDDX packet deserialization For Debian 7
last seen	2020-03-17
modified	2017-02-08
plugin id	97052
published	2017-02-08
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97052
title	Debian DLA-818-1 : php5 security update

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-62.NASL
description	This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2017-01-10
plugin id	96381
published	2017-01-10
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96381
title	openSUSE Security Update : php5 (openSUSE-2017-62)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-61.NASL
description	This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2017-01-10
plugin id	96380
published	2017-01-10
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96380
title	openSUSE Security Update : php7 (openSUSE-2017-61)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-787.NASL
description	A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution. (CVE-2016-8670) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP before 5.6.28 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)
last seen	2020-06-01
modified	2020-06-02
plugin id	96805
published	2017-01-27
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96805
title	Amazon Linux AMI : php56 (ALAS-2017-787)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3196-1.NASL
description	It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97190
published	2017-02-15
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97190
title	Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2649.NASL
description	According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
last seen	2020-05-08
modified	2019-12-18
plugin id	132184
published	2019-12-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132184
title	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0017-1.NASL
description	This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119989
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119989
title	SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0038-1.NASL
description	This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119990
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119990
title	SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0109-1.NASL
description	This update for php53 fixes the following issues : - CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] - CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] - Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96431
published	2017-01-12
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96431
title	SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0109-1)

NASL family	CGI abuses
NASL id	PHP_5_6_28.NASL
description	According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.28. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the parse_url() function due to returning the incorrect host. An unauthenticated, remote attacker can exploit this to have a multiple impacts depending on how the function is implemented, which can include bypassing authentication or conducting open redirection and server-side request forgery attacks. - An integer overflow condition exists in the _php_imap_mail() function in file ext/imap/php_imap.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. - A flaw exists in the bzcompress() function when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - An integer overflow condition exists in the gdImageAALine() function within file ext/gd/libgd/gd.c due to improper validation of line limit values. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds memory read or write, resulting in a denial of service condition, the disclosure of memory contents, or the execution of arbitrary code. - A denial of service flaw exists due to a flaw in Zend/zend_exceptions.c via a crafted Exception object in serialized data (CVE-2016-7478) - A Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library could lead to a denial of service condition. (CVE-2016-9933) - A denial of service flaw exists due to a flaw in ext/wddx/wddx.c via a crafted serialized data in a wddxPacket XML document. (CVE-2016-9934) Note that this software is reportedly affected by other vulnerabilities as well that have not been fixed yet in version 5.6.28.
last seen	2020-06-01
modified	2020-06-02
plugin id	94955
published	2016-11-18
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94955
title	PHP 5.6.x < 5.6.28 Multiple Vulnerabilities

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2221.NASL
description	According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831) - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935) - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867) - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832) - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833) - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767) - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414) - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934) - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935) - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143) - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094) - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a
last seen	2020-05-08
modified	2019-11-08
plugin id	130683
published	2019-11-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130683
title	EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)

NASL family	CGI abuses
NASL id	PHP_7_1_0.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.0. It is, therefore, affected by the following vulnerabilities: - A stack consumption condition exists in the gdImageFillToBorder function of the gd.c script within the GD Graphics Library (libgd). An unauthenticated, remote attacker can exploit this issue, via a crafted call to imagefilltoborder using a negative color value, to cause the application to stop responding. (CVE-2016-9933) - A denial of service (DoS) vulnerability exists in the ext/wddx/wddx.c script. An unauthenticated, remote attacker can exploit this issue, via crafted serialized data in a wddxPacket XML document, to cause the application to stop responding. (CVE-2016-9934) - A deserialization vulnerability exists in the ext/standard/var.c script. An unauthenticated, remote attacker can exploit this, via crafted serialized data, to the application to stop responding or execute arbitrary code on the target host. (CVE-2016-9936) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	122540
published	2019-03-01
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122540
title	PHP 7.1.x < 7.1.0 Multiple Vulnerabilities.

NASL family	CGI abuses
NASL id	PHP_7_0_13.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.13. It is, therefore, affected by multiple vulnerabilities : - A stack consumption condition exists in the gdImageFillToBorder function of the gd.c script within the GD Graphics Library (libgd). An unauthenticated, remote attacker can exploit this issue, via a crafted call to imagefilltoborder using a negative color value, to cause the application to stop responding. (CVE-2016-9933) - A denial of service (DoS) vulnerability exists in the ext/wddx/wddx.c script. An unauthenticated, remote attacker can exploit this issue, via crafted serialized data in a wddxPacket XML document, to cause the application to stop responding. (CVE-2016-9934) - A flaw exists in the parse_url() function due to returning the incorrect host. An unauthenticated, remote attacker can exploit this to have a multiple impacts depending on how the function is implemented, which can include bypassing authentication or conducting open redirection and server-side request forgery attacks. - An integer overflow condition exists in the _php_imap_mail() function in file ext/imap/php_imap.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. - An integer overflow condition exists in the gdImageAALine() function within file ext/gd/libgd/gd.c due to improper validation of line limit values. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds memory read or write, resulting in a denial of service condition, the disclosure of memory contents, or the execution of arbitrary code. Note that this software is reportedly affected by other vulnerabilities as well that have not been fixed yet in version 7.0.13.
last seen	2020-04-30
modified	2016-11-18
plugin id	94956
published	2016-11-18
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94956
title	PHP 7.0.x < 7.0.13 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1505.NASL
description	This security update for php5 fixes the following issues : - a call to ImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933, boo#1015187) - deserialization of a WDDX packet containing a PDORow object could crash php (CVE-2016-9934, boo#1015188) - deserialization of a WDDX packet containing an empty boolean element could crash php (CVE-2016-9935, boo#1015189)
last seen	2020-06-05
modified	2016-12-27
plugin id	96130
published	2016-12-27
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96130
title	openSUSE Security Update : php5 (openSUSE-2016-1505)

NASL family	MacOS X Local Security Checks
NASL id	MACOS_10_12_3.NASL
description	The remote host is running a version of macOS that is 10.12.x prior to 10.12.3. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - Bluetooth - Graphics Drivers - Help Viewer - IOAudioFamily - Kernel - libarchive - Vim - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	96731
published	2017-01-24
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96731
title	macOS 10.12.x < 10.12.3 Multiple Vulnerabilities

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2438.NASL
description	According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))\|(((?:(?:(?:(?:abc\|(?:abcdef))))b)abcdefghi )abc)\|((ACCEPT)))/ pattern and related patterns involving (ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
last seen	2020-05-08
modified	2019-12-04
plugin id	131592
published	2019-12-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131592
title	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3732.NASL
description	Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.28, which includes additional bug fixes. Please refer to the upstream changelog for more information : https://secure.php.net/ChangeLog-5.php#5.6.28
last seen	2020-06-01
modified	2020-06-02
plugin id	95776
published	2016-12-14
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95776
title	Debian DSA-3732-1 : php5 - security update

Redhat

advisories

rhsa

id	RHSA-2018:1296

rpms

rh-php70-php-0:7.0.27-1.el6
rh-php70-php-0:7.0.27-1.el7
rh-php70-php-bcmath-0:7.0.27-1.el6
rh-php70-php-bcmath-0:7.0.27-1.el7
rh-php70-php-cli-0:7.0.27-1.el6
rh-php70-php-cli-0:7.0.27-1.el7
rh-php70-php-common-0:7.0.27-1.el6
rh-php70-php-common-0:7.0.27-1.el7
rh-php70-php-dba-0:7.0.27-1.el6
rh-php70-php-dba-0:7.0.27-1.el7
rh-php70-php-dbg-0:7.0.27-1.el6
rh-php70-php-dbg-0:7.0.27-1.el7
rh-php70-php-debuginfo-0:7.0.27-1.el6
rh-php70-php-debuginfo-0:7.0.27-1.el7
rh-php70-php-devel-0:7.0.27-1.el6
rh-php70-php-devel-0:7.0.27-1.el7
rh-php70-php-embedded-0:7.0.27-1.el6
rh-php70-php-embedded-0:7.0.27-1.el7
rh-php70-php-enchant-0:7.0.27-1.el6
rh-php70-php-enchant-0:7.0.27-1.el7
rh-php70-php-fpm-0:7.0.27-1.el6
rh-php70-php-fpm-0:7.0.27-1.el7
rh-php70-php-gd-0:7.0.27-1.el6
rh-php70-php-gd-0:7.0.27-1.el7
rh-php70-php-gmp-0:7.0.27-1.el6
rh-php70-php-gmp-0:7.0.27-1.el7
rh-php70-php-imap-0:7.0.27-1.el6
rh-php70-php-intl-0:7.0.27-1.el6
rh-php70-php-intl-0:7.0.27-1.el7
rh-php70-php-json-0:7.0.27-1.el6
rh-php70-php-json-0:7.0.27-1.el7
rh-php70-php-ldap-0:7.0.27-1.el6
rh-php70-php-ldap-0:7.0.27-1.el7
rh-php70-php-mbstring-0:7.0.27-1.el6
rh-php70-php-mbstring-0:7.0.27-1.el7
rh-php70-php-mysqlnd-0:7.0.27-1.el6
rh-php70-php-mysqlnd-0:7.0.27-1.el7
rh-php70-php-odbc-0:7.0.27-1.el6
rh-php70-php-odbc-0:7.0.27-1.el7
rh-php70-php-opcache-0:7.0.27-1.el6
rh-php70-php-opcache-0:7.0.27-1.el7
rh-php70-php-pdo-0:7.0.27-1.el6
rh-php70-php-pdo-0:7.0.27-1.el7
rh-php70-php-pgsql-0:7.0.27-1.el6
rh-php70-php-pgsql-0:7.0.27-1.el7
rh-php70-php-process-0:7.0.27-1.el6
rh-php70-php-process-0:7.0.27-1.el7
rh-php70-php-pspell-0:7.0.27-1.el6
rh-php70-php-pspell-0:7.0.27-1.el7
rh-php70-php-recode-0:7.0.27-1.el6
rh-php70-php-recode-0:7.0.27-1.el7
rh-php70-php-snmp-0:7.0.27-1.el6
rh-php70-php-snmp-0:7.0.27-1.el7
rh-php70-php-soap-0:7.0.27-1.el6
rh-php70-php-soap-0:7.0.27-1.el7
rh-php70-php-tidy-0:7.0.27-1.el6
rh-php70-php-xml-0:7.0.27-1.el6
rh-php70-php-xml-0:7.0.27-1.el7
rh-php70-php-xmlrpc-0:7.0.27-1.el6
rh-php70-php-xmlrpc-0:7.0.27-1.el7
rh-php70-php-zip-0:7.0.27-1.el6
rh-php70-php-zip-0:7.0.27-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References