Vulnerabilities > CVE-2016-9935 - Out-of-bounds Read vulnerability in PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
php
CWE-125
nessus

Summary

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

Vulnerable Configurations

Part Description Count
Application
Php
823

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-308.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-03-07
    plugin id97566
    published2017-03-07
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97566
    titleopenSUSE Security Update : php5 (openSUSE-2017-308)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-308.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97566);
      script_version("3.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2017-308)");
      script_summary(english:"Check for the openSUSE-2017-308 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
      - CVE-2016-9933 Possible stack overflow on truecolor
        images handling [bsc#1015187]
    
      - CVE-2016-9934 Dereference from NULL pointer could lead
        to crash [bsc#1015188]
    
      - CVE-2016-9935 Invalid read could lead to crash
        [bsc#1015189]
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015189"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-debugsource-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-devel-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-json-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-json-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pear-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-debuginfo-5.5.14-75.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-debugsource-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-devel-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-json-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-json-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pear-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-debuginfo-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-5.5.14-75.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-debuginfo-5.5.14-75.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-347-03.NASL
    descriptionNew php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95725
    published2016-12-13
    reporterThis script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95725
    titleSlackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2016-347-03. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95725);
      script_version("$Revision: 3.2 $");
      script_cvs_date("$Date: 2017/09/21 13:38:14 $");
    
      script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935");
      script_xref(name:"SSA", value:"2016-347-03");
    
      script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New php packages are available for Slackware 14.0, 14.1, 14.2, and
    -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.429698
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?349e3a10"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-788.NASL
    descriptionThe SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)
    last seen2020-06-01
    modified2020-06-02
    plugin id96806
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96806
    titleAmazon Linux AMI : php70 (ALAS-2017-788)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2017-788.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96806);
      script_version("3.2");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936");
      script_xref(name:"ALAS", value:"2017-788");
    
      script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-788)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SplObjectStorage unserialize implementation in
    ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key
    is an object, which allows remote attackers to execute arbitrary code
    or cause a denial of service (uninitialized memory access) via crafted
    serialized data. (CVE-2016-7480)
    
    Use-after-free vulnerability in the CURLFile implementation in
    ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers
    to cause a denial of service or possibly have unspecified other impact
    via crafted serialized data that is mishandled during __wakeup
    processing. (CVE-2016-9137)
    
    Stack consumption vulnerability in the gdImageFillToBorder function in
    gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in
    PHP 7.x before 7.0.13, allows remote attackers to cause a denial of
    service (segmentation violation) via a crafted imagefilltoborder call
    that triggers use of a negative color value. (CVE-2016-9933)
    
    ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to
    cause a denial of service (NULL pointer dereference) via crafted
    serialized data in a wddxPacket XML document, as demonstrated by a
    PDORow string. (CVE-2016-9934)
    
    The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x
    before 7.0.14 allows remote attackers to cause a denial of service
    (out-of-bounds read and memory corruption) or possibly have
    unspecified other impact via an empty boolean element in a wddxPacket
    XML document. (CVE-2016-9935)
    
    The unserialize implementation in ext/standard/var.c in PHP 7.x before
    7.0.14 allows remote attackers to cause a denial of service
    (use-after-free) or possibly have unspecified other impact via crafted
    serialized data. This vulnerability exists because of an incomplete
    fix for CVE-2015-6834 . (CVE-2016-9936)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2017-788.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php70' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php70-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-cli-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-common-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-dba-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-devel-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-gd-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-imap-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-intl-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-json-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-process-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-recode-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-soap-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-xml-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.14-1.20.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-zip-7.0.14-1.20.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_12_4.NASL
    descriptionThe remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id99134
    published2017-03-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99134
    titlemacOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99134);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2016-0736",
        "CVE-2016-2161",
        "CVE-2016-3619",
        "CVE-2016-4688",
        "CVE-2016-5387",
        "CVE-2016-5636",
        "CVE-2016-7056",
        "CVE-2016-7585",
        "CVE-2016-7922",
        "CVE-2016-7923",
        "CVE-2016-7924",
        "CVE-2016-7925",
        "CVE-2016-7926",
        "CVE-2016-7927",
        "CVE-2016-7928",
        "CVE-2016-7929",
        "CVE-2016-7930",
        "CVE-2016-7931",
        "CVE-2016-7932",
        "CVE-2016-7933",
        "CVE-2016-7934",
        "CVE-2016-7935",
        "CVE-2016-7936",
        "CVE-2016-7937",
        "CVE-2016-7938",
        "CVE-2016-7939",
        "CVE-2016-7940",
        "CVE-2016-7973",
        "CVE-2016-7974",
        "CVE-2016-7975",
        "CVE-2016-7983",
        "CVE-2016-7984",
        "CVE-2016-7985",
        "CVE-2016-7986",
        "CVE-2016-7992",
        "CVE-2016-7993",
        "CVE-2016-8574",
        "CVE-2016-8575",
        "CVE-2016-8740",
        "CVE-2016-8743",
        "CVE-2016-9533",
        "CVE-2016-9535",
        "CVE-2016-9536",
        "CVE-2016-9537",
        "CVE-2016-9538",
        "CVE-2016-9539",
        "CVE-2016-9540",
        "CVE-2016-9586",
        "CVE-2016-9935",
        "CVE-2016-10009",
        "CVE-2016-10010",
        "CVE-2016-10011",
        "CVE-2016-10012",
        "CVE-2016-10158",
        "CVE-2016-10159",
        "CVE-2016-10160",
        "CVE-2016-10161",
        "CVE-2017-2379",
        "CVE-2017-2381",
        "CVE-2017-2388",
        "CVE-2017-2390",
        "CVE-2017-2398",
        "CVE-2017-2401",
        "CVE-2017-2402",
        "CVE-2017-2403",
        "CVE-2017-2406",
        "CVE-2017-2407",
        "CVE-2017-2408",
        "CVE-2017-2409",
        "CVE-2017-2410",
        "CVE-2017-2413",
        "CVE-2017-2416",
        "CVE-2017-2417",
        "CVE-2017-2418",
        "CVE-2017-2420",
        "CVE-2017-2421",
        "CVE-2017-2422",
        "CVE-2017-2423",
        "CVE-2017-2425",
        "CVE-2017-2426",
        "CVE-2017-2427",
        "CVE-2017-2428",
        "CVE-2017-2429",
        "CVE-2017-2430",
        "CVE-2017-2431",
        "CVE-2017-2432",
        "CVE-2017-2435",
        "CVE-2017-2436",
        "CVE-2017-2437",
        "CVE-2017-2438",
        "CVE-2017-2439",
        "CVE-2017-2440",
        "CVE-2017-2441",
        "CVE-2017-2443",
        "CVE-2017-2448",
        "CVE-2017-2449",
        "CVE-2017-2450",
        "CVE-2017-2451",
        "CVE-2017-2456",
        "CVE-2017-2458",
        "CVE-2017-2461",
        "CVE-2017-2462",
        "CVE-2017-2467",
        "CVE-2017-2472",
        "CVE-2017-2473",
        "CVE-2017-2474",
        "CVE-2017-2477",
        "CVE-2017-2478",
        "CVE-2017-2482",
        "CVE-2017-2483",
        "CVE-2017-2485",
        "CVE-2017-2487",
        "CVE-2017-2489",
        "CVE-2017-2490",
        "CVE-2017-5029",
        "CVE-2017-5202",
        "CVE-2017-5203",
        "CVE-2017-5204",
        "CVE-2017-5205",
        "CVE-2017-5341",
        "CVE-2017-5342",
        "CVE-2017-5482",
        "CVE-2017-5483",
        "CVE-2017-5484",
        "CVE-2017-5485",
        "CVE-2017-5486",
        "CVE-2017-6974",
        "CVE-2017-7070"
      );
      script_bugtraq_id(
        85919,
        91247,
        91816,
        94572,
        94650,
        94742,
        94744,
        94745,
        94746,
        94747,
        94753,
        94754,
        94846,
        94968,
        94972,
        94975,
        94977,
        95019,
        95076,
        95077,
        95078,
        95375,
        95764,
        95768,
        95774,
        95783,
        95852,
        96767,
        97132,
        97134,
        97137,
        97140,
        97146,
        97147,
        97300,
        97301,
        97303
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3");
      script_xref(name:"CERT", value:"797896");
      script_xref(name:"EDB-ID", value:"40961");
      script_xref(name:"EDB-ID", value:"40962");
    
      script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)");
      script_summary(english:"Checks the version of macOS.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS update that fixes multiple security
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of macOS that is 10.12.x prior to
    10.12.4. It is, therefore, affected by multiple vulnerabilities in
    multiple components, some of which are remote code execution
    vulnerabilities. An unauthenticated, remote attacker can exploit these
    remote code execution vulnerabilities by convincing a user to visit a
    specially crafted website, resulting in the execution of arbitrary
    code in the context of the current user. The affected components are
    as follows :
    
      - apache
      - apache_mod_php
      - AppleGraphicsPowerManagement
      - AppleRAID
      - Audio
      - Bluetooth
      - Carbon
      - CoreGraphics
      - CoreMedia
      - CoreText
      - curl
      - EFI
      - FinderKit
      - FontParser
      - HTTPProtocol
      - Hypervisor
      - iBooks
      - ImageIO
      - Intel Graphics Driver
      - IOATAFamily
      - IOFireWireAVC
      - IOFireWireFamily
      - Kernel
      - Keyboards
      - libarchive
      - libc++abi
      - LibreSSL
      - MCX Client
      - Menus
      - Multi-Touch
      - OpenSSH
      - OpenSSL
      - Printing
      - python
      - QuickTime
      - Security
      - SecurityFoundation
      - sudo
      - System Integrity Protection
      - tcpdump
      - tiffutil
      - WebKit");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615");
      # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a");
      script_set_attribute(attribute:"see_also", value:"https://httpoxy.org");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to macOS version 10.12.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
      script_require_ports("Host/MacOSX/Version", "Host/OS");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
    matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
    if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");
    
    version = matches[1];
    if (version !~ "^10\.12($|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x");
    
    fixed_version = "10.12.4";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      security_report_v4(
        port:0,
        severity:SECURITY_HOLE,
        xss:TRUE,
        extra:
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n'
      );
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-818.NASL
    descriptionSeveral issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. - CVE-2016-2554 Stack-based buffer overflow in ext/phar/tar.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. - CVE-2016-3141 Use-after-free vulnerability in wddx.c in the WDDX extension allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. - CVE-2016-3142 The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. - CVE-2016-4342 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. - CVE-2016-9934 ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. - CVE-2016-9935 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. - CVE-2016-10158 The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. - CVE-2016-10159 Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. - CVE-2016-10160 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. - CVE-2016-10161 The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. - BUG-71323.patch Output of stream_get_meta_data can be falsified by its input - BUG-70979.patch Crash on bad SOAP request - BUG-71039.patch exec functions ignore length but look for NULL termination - BUG-71459.patch Integer overflow in iptcembed() - BUG-71391.patch NULL pointer Dereference in phar_tar_setupmetadata() - BUG-71335.patch Type confusion vulnerability in WDDX packet deserialization For Debian 7
    last seen2020-03-17
    modified2017-02-08
    plugin id97052
    published2017-02-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97052
    titleDebian DLA-818-1 : php5 security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-62.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-01-10
    plugin id96381
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96381
    titleopenSUSE Security Update : php5 (openSUSE-2017-62)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3211-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97384
    published2017-02-24
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97384
    titleUbuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-61.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-01-10
    plugin id96380
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96380
    titleopenSUSE Security Update : php7 (openSUSE-2017-61)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3737.NASL
    descriptionSeveral vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.29, which includes additional bug fixes. Please refer to the upstream changelog for more information : https://php.net/ChangeLog-5.php#5.6.29
    last seen2020-06-01
    modified2020-06-02
    plugin id96016
    published2016-12-20
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96016
    titleDebian DSA-3737-1 : php5 - security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-787.NASL
    descriptionA vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution. (CVE-2016-8670) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP before 5.6.28 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)
    last seen2020-06-01
    modified2020-06-02
    plugin id96805
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96805
    titleAmazon Linux AMI : php56 (ALAS-2017-787)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3211-2.NASL
    descriptionUSN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97521
    published2017-03-03
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97521
    titleUbuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6972668DCDB711E6A9A5B499BAEBFEAF.NASL
    descriptionThe PHP project reports : - Use After Free Vulnerability in unserialize() (CVE-2016-9936) - Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
    last seen2020-06-01
    modified2020-06-02
    plugin id96221
    published2017-01-03
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96221
    titleFreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3196-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97190
    published2017-02-15
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97190
    titleUbuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2649.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
    last seen2020-05-08
    modified2019-12-18
    plugin id132184
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132184
    titleEulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0017-1.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119989
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119989
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0038-1.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119990
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119990
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0109-1.NASL
    descriptionThis update for php53 fixes the following issues : - CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] - CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] - Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96431
    published2017-01-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96431
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2017:0109-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2221.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831) - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935) - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867) - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832) - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833) - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767) - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414) - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934) - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935) - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143) - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094) - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a
    last seen2020-05-08
    modified2019-11-08
    plugin id130683
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130683
    titleEulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201702-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201702-29 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id97272
    published2017-02-21
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97272
    titleGLSA-201702-29 : PHP: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1505.NASL
    descriptionThis security update for php5 fixes the following issues : - a call to ImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933, boo#1015187) - deserialization of a WDDX packet containing a PDORow object could crash php (CVE-2016-9934, boo#1015188) - deserialization of a WDDX packet containing an empty boolean element could crash php (CVE-2016-9935, boo#1015189)
    last seen2020-06-05
    modified2016-12-27
    plugin id96130
    published2016-12-27
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96130
    titleopenSUSE Security Update : php5 (openSUSE-2016-1505)
  • NASL familyCGI abuses
    NASL idPHP_5_6_29.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the php_wddx_push_element() function in ext/wddx/wddx.c that is triggered when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A flaw exists in the in the openssl_pbkdf2() function in ext/openssl/openssl.c that is triggered when handling overly large key length parameters. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id95874
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95874
    titlePHP 5.6.x < 5.6.29 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2438.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
    last seen2020-05-08
    modified2019-12-04
    plugin id131592
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131592
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)
  • NASL familyCGI abuses
    NASL idPHP_7_0_14.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.14. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability due to a memory corruption issue in the php_wddx_push_element() function in ext/wddx/wddx.c that occurs when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A deserialization vulnerability exists in the ext/standard/var.c script. An unauthenticated, remote attacker can exploit this, via crafted serialized data, to the application to stop responding or execute arbitrary code on the target host. (CVE-2016-9936) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id95875
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95875
    titlePHP 7.0.x < 7.0.14 Multiple Vulnerabilities

Redhat

advisories
rhsa
idRHSA-2018:1296
rpms
  • rh-php70-php-0:7.0.27-1.el6
  • rh-php70-php-0:7.0.27-1.el7
  • rh-php70-php-bcmath-0:7.0.27-1.el6
  • rh-php70-php-bcmath-0:7.0.27-1.el7
  • rh-php70-php-cli-0:7.0.27-1.el6
  • rh-php70-php-cli-0:7.0.27-1.el7
  • rh-php70-php-common-0:7.0.27-1.el6
  • rh-php70-php-common-0:7.0.27-1.el7
  • rh-php70-php-dba-0:7.0.27-1.el6
  • rh-php70-php-dba-0:7.0.27-1.el7
  • rh-php70-php-dbg-0:7.0.27-1.el6
  • rh-php70-php-dbg-0:7.0.27-1.el7
  • rh-php70-php-debuginfo-0:7.0.27-1.el6
  • rh-php70-php-debuginfo-0:7.0.27-1.el7
  • rh-php70-php-devel-0:7.0.27-1.el6
  • rh-php70-php-devel-0:7.0.27-1.el7
  • rh-php70-php-embedded-0:7.0.27-1.el6
  • rh-php70-php-embedded-0:7.0.27-1.el7
  • rh-php70-php-enchant-0:7.0.27-1.el6
  • rh-php70-php-enchant-0:7.0.27-1.el7
  • rh-php70-php-fpm-0:7.0.27-1.el6
  • rh-php70-php-fpm-0:7.0.27-1.el7
  • rh-php70-php-gd-0:7.0.27-1.el6
  • rh-php70-php-gd-0:7.0.27-1.el7
  • rh-php70-php-gmp-0:7.0.27-1.el6
  • rh-php70-php-gmp-0:7.0.27-1.el7
  • rh-php70-php-imap-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el7
  • rh-php70-php-json-0:7.0.27-1.el6
  • rh-php70-php-json-0:7.0.27-1.el7
  • rh-php70-php-ldap-0:7.0.27-1.el6
  • rh-php70-php-ldap-0:7.0.27-1.el7
  • rh-php70-php-mbstring-0:7.0.27-1.el6
  • rh-php70-php-mbstring-0:7.0.27-1.el7
  • rh-php70-php-mysqlnd-0:7.0.27-1.el6
  • rh-php70-php-mysqlnd-0:7.0.27-1.el7
  • rh-php70-php-odbc-0:7.0.27-1.el6
  • rh-php70-php-odbc-0:7.0.27-1.el7
  • rh-php70-php-opcache-0:7.0.27-1.el6
  • rh-php70-php-opcache-0:7.0.27-1.el7
  • rh-php70-php-pdo-0:7.0.27-1.el6
  • rh-php70-php-pdo-0:7.0.27-1.el7
  • rh-php70-php-pgsql-0:7.0.27-1.el6
  • rh-php70-php-pgsql-0:7.0.27-1.el7
  • rh-php70-php-process-0:7.0.27-1.el6
  • rh-php70-php-process-0:7.0.27-1.el7
  • rh-php70-php-pspell-0:7.0.27-1.el6
  • rh-php70-php-pspell-0:7.0.27-1.el7
  • rh-php70-php-recode-0:7.0.27-1.el6
  • rh-php70-php-recode-0:7.0.27-1.el7
  • rh-php70-php-snmp-0:7.0.27-1.el6
  • rh-php70-php-snmp-0:7.0.27-1.el7
  • rh-php70-php-soap-0:7.0.27-1.el6
  • rh-php70-php-soap-0:7.0.27-1.el7
  • rh-php70-php-tidy-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el7
  • rh-php70-php-xmlrpc-0:7.0.27-1.el6
  • rh-php70-php-xmlrpc-0:7.0.27-1.el7
  • rh-php70-php-zip-0:7.0.27-1.el6
  • rh-php70-php-zip-0:7.0.27-1.el7