Vulnerabilities > CVE-2016-9935 - Out-of-bounds Read vulnerability in PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-308.NASL description This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-03-07 plugin id 97566 published 2017-03-07 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97566 title openSUSE Security Update : php5 (openSUSE-2017-308) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-308. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(97566); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935"); script_name(english:"openSUSE Security Update : php5 (openSUSE-2017-308)"); script_summary(english:"Check for the openSUSE-2017-308 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015187" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015189" ); script_set_attribute(attribute:"solution", value:"Update the affected php5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-debugsource-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-devel-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-json-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-json-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pear-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debugsource-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-devel-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pear-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-debuginfo-5.5.14-75.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-347-03.NASL description New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95725 published 2016-12-13 reporter This script is Copyright (C) 2016-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95725 title Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2016-347-03. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(95725); script_version("$Revision: 3.2 $"); script_cvs_date("$Date: 2017/09/21 13:38:14 $"); script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935"); script_xref(name:"SSA", value:"2016-347-03"); script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.429698 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?349e3a10" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.2", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-788.NASL description The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936) last seen 2020-06-01 modified 2020-06-02 plugin id 96806 published 2017-01-27 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96806 title Amazon Linux AMI : php70 (ALAS-2017-788) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-788. # include("compat.inc"); if (description) { script_id(96806); script_version("3.2"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936"); script_xref(name:"ALAS", value:"2017-788"); script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-788)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-788.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php70' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php70-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-cli-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-common-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dba-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-devel-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gd-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-imap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-intl-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-json-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-process-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-recode-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-soap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xml-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-zip-7.0.14-1.20.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc"); }
NASL family MacOS X Local Security Checks NASL id MACOS_10_12_4.NASL description The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 99134 published 2017-03-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99134 title macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(99134); script_version("1.9"); script_cvs_date("Date: 2019/11/13"); script_cve_id( "CVE-2016-0736", "CVE-2016-2161", "CVE-2016-3619", "CVE-2016-4688", "CVE-2016-5387", "CVE-2016-5636", "CVE-2016-7056", "CVE-2016-7585", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9533", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2016-9586", "CVE-2016-9935", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-5029", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", "CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486", "CVE-2017-6974", "CVE-2017-7070" ); script_bugtraq_id( 85919, 91247, 91816, 94572, 94650, 94742, 94744, 94745, 94746, 94747, 94753, 94754, 94846, 94968, 94972, 94975, 94977, 95019, 95076, 95077, 95078, 95375, 95764, 95768, 95774, 95783, 95852, 96767, 97132, 97134, 97137, 97140, 97146, 97147, 97300, 97301, 97303 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3"); script_xref(name:"CERT", value:"797896"); script_xref(name:"EDB-ID", value:"40961"); script_xref(name:"EDB-ID", value:"40962"); script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)"); script_summary(english:"Checks the version of macOS."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a macOS update that fixes multiple security vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615"); # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a"); script_set_attribute(attribute:"see_also", value:"https://httpoxy.org"); script_set_attribute(attribute:"solution", value: "Upgrade to macOS version 10.12.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os); if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "')."); version = matches[1]; if (version !~ "^10\.12($|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x"); fixed_version = "10.12.4"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { security_report_v4( port:0, severity:SECURITY_HOLE, xss:TRUE, extra: '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n' ); } else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-818.NASL description Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. - CVE-2016-2554 Stack-based buffer overflow in ext/phar/tar.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. - CVE-2016-3141 Use-after-free vulnerability in wddx.c in the WDDX extension allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. - CVE-2016-3142 The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. - CVE-2016-4342 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. - CVE-2016-9934 ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. - CVE-2016-9935 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. - CVE-2016-10158 The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. - CVE-2016-10159 Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. - CVE-2016-10160 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. - CVE-2016-10161 The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. - BUG-71323.patch Output of stream_get_meta_data can be falsified by its input - BUG-70979.patch Crash on bad SOAP request - BUG-71039.patch exec functions ignore length but look for NULL termination - BUG-71459.patch Integer overflow in iptcembed() - BUG-71391.patch NULL pointer Dereference in phar_tar_setupmetadata() - BUG-71335.patch Type confusion vulnerability in WDDX packet deserialization For Debian 7 last seen 2020-03-17 modified 2017-02-08 plugin id 97052 published 2017-02-08 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97052 title Debian DLA-818-1 : php5 security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-62.NASL description This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-01-10 plugin id 96381 published 2017-01-10 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96381 title openSUSE Security Update : php5 (openSUSE-2017-62) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3211-1.NASL description It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97384 published 2017-02-24 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97384 title Ubuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-61.NASL description This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-01-10 plugin id 96380 published 2017-01-10 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96380 title openSUSE Security Update : php7 (openSUSE-2017-61) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3737.NASL description Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.29, which includes additional bug fixes. Please refer to the upstream changelog for more information : https://php.net/ChangeLog-5.php#5.6.29 last seen 2020-06-01 modified 2020-06-02 plugin id 96016 published 2016-12-20 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96016 title Debian DSA-3737-1 : php5 - security update NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-787.NASL description A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution. (CVE-2016-8670) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP before 5.6.28 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) last seen 2020-06-01 modified 2020-06-02 plugin id 96805 published 2017-01-27 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96805 title Amazon Linux AMI : php56 (ALAS-2017-787) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3211-2.NASL description USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97521 published 2017-03-03 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97521 title Ubuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6972668DCDB711E6A9A5B499BAEBFEAF.NASL description The PHP project reports : - Use After Free Vulnerability in unserialize() (CVE-2016-9936) - Invalid read when wddx decodes empty boolean element (CVE-2016-9935) last seen 2020-06-01 modified 2020-06-02 plugin id 96221 published 2017-01-03 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96221 title FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3196-1.NASL description It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97190 published 2017-02-15 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97190 title Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2649.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says last seen 2020-05-08 modified 2019-12-18 plugin id 132184 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132184 title EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0017-1.NASL description This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 119989 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119989 title SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0038-1.NASL description This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 119990 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119990 title SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0109-1.NASL description This update for php53 fixes the following issues : - CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] - CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] - Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 96431 published 2017-01-12 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96431 title SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0109-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2221.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831) - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935) - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867) - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832) - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833) - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767) - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414) - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934) - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935) - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143) - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094) - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a last seen 2020-05-08 modified 2019-11-08 plugin id 130683 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130683 title EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201702-29.NASL description The remote host is affected by the vulnerability described in GLSA-201702-29 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 97272 published 2017-02-21 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97272 title GLSA-201702-29 : PHP: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1505.NASL description This security update for php5 fixes the following issues : - a call to ImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933, boo#1015187) - deserialization of a WDDX packet containing a PDORow object could crash php (CVE-2016-9934, boo#1015188) - deserialization of a WDDX packet containing an empty boolean element could crash php (CVE-2016-9935, boo#1015189) last seen 2020-06-05 modified 2016-12-27 plugin id 96130 published 2016-12-27 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96130 title openSUSE Security Update : php5 (openSUSE-2016-1505) NASL family CGI abuses NASL id PHP_5_6_29.NASL description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the php_wddx_push_element() function in ext/wddx/wddx.c that is triggered when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A flaw exists in the in the openssl_pbkdf2() function in ext/openssl/openssl.c that is triggered when handling overly large key length parameters. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 95874 published 2016-12-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95874 title PHP 5.6.x < 5.6.29 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2438.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension last seen 2020-05-08 modified 2019-12-04 plugin id 131592 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131592 title EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438) NASL family CGI abuses NASL id PHP_7_0_14.NASL description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.14. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability due to a memory corruption issue in the php_wddx_push_element() function in ext/wddx/wddx.c that occurs when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A deserialization vulnerability exists in the ext/standard/var.c script. An unauthenticated, remote attacker can exploit this, via crafted serialized data, to the application to stop responding or execute arbitrary code on the target host. (CVE-2016-9936) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 95875 published 2016-12-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95875 title PHP 7.0.x < 7.0.14 Multiple Vulnerabilities
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
- http://www.debian.org/security/2016/dsa-3737
- http://www.debian.org/security/2016/dsa-3737
- http://www.openwall.com/lists/oss-security/2016/12/12/2
- http://www.openwall.com/lists/oss-security/2016/12/12/2
- http://www.php.net/ChangeLog-5.php
- http://www.php.net/ChangeLog-5.php
- http://www.php.net/ChangeLog-7.php
- http://www.php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/94846
- http://www.securityfocus.com/bid/94846
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2018:1296
- https://bugs.php.net/bug.php?id=73631
- https://bugs.php.net/bug.php?id=73631
- https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
- https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
- https://security.gentoo.org/glsa/201702-29
- https://security.gentoo.org/glsa/201702-29