Vulnerabilities > CVE-2016-9935 - Out-of-bounds Read vulnerability in PHP

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

php

CWE-125

critical

nessus

NVD

Published: 2017-01-04

Updated: 2018-05-04

Summary

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP - PHP PHP 0.1 PHP PHP 0.1.1 PHP PHP 0.2 PHP PHP 0.2.0 PHP PHP 0.2.1 PHP PHP 0.2.2 PHP PHP 0.2.3 PHP PHP 0.2.4 PHP PHP 0.3 PHP PHP 0.4 PHP PHP 0.5 PHP PHP 0.5.2 PHP PHP 0.5.3 PHP PHP 0.6 PHP PHP 0.7 PHP PHP 0.9 PHP PHP 0.9.0 PHP PHP 0.9.1 PHP PHP 0.9.2 PHP PHP 0.9.3 PHP PHP 0.9.4 PHP PHP 0.10 PHP PHP 0.11 PHP PHP 0.90 PHP PHP 0.91 PHP PHP 1.0 PHP PHP 1.0.0 PHP PHP 1.0.1 PHP PHP 1.0.2 PHP PHP 1.0.3 PHP PHP 1.0.4 PHP PHP 1.1 PHP PHP 1.1.0 PHP PHP 1.1.1 PHP PHP 1.2 PHP PHP 1.2.0 PHP PHP 1.2.1 PHP PHP 1.2.2 PHP PHP 1.2.3 PHP PHP 1.2.4 PHP PHP 1.2.5 PHP PHP 1.3 PHP PHP 1.3.1 PHP PHP 1.3.5 PHP PHP 1.4 PHP PHP 1.5 PHP PHP 2.0 PHP PHP 2.0.0 PHP PHP 2.0.1 PHP PHP 2.0.2 PHP PHP 2.0B10 PHP PHP 3.0 PHP PHP 3.0.1 PHP PHP 3.0.2 PHP PHP 3.0.3 PHP PHP 3.0.4 PHP PHP 3.0.5 PHP PHP 3.0.6 PHP PHP 3.0.7 PHP PHP 3.0.8 PHP PHP 3.0.9 PHP PHP 3.0.10 PHP PHP 3.0.11 PHP PHP 3.0.12 PHP PHP 3.0.13 PHP PHP 3.0.14 PHP PHP 3.0.15 PHP PHP 3.0.16 PHP PHP 3.0.17 PHP PHP 3.0.18 PHP PHP 4.0 PHP PHP 4.0.0 PHP PHP 4.0.1 PHP PHP 4.0.2 PHP PHP 4.0.3 PHP PHP 4.0.4 PHP PHP 4.0.5 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.1.0 PHP PHP 4.1.1 PHP PHP 4.1.2 PHP PHP 4.1.3 PHP PHP 4.2 PHP PHP 4.2.0 PHP PHP 4.2.1 PHP PHP 4.2.2 PHP PHP 4.2.3 PHP PHP 4.2.4 PHP PHP 4.3 PHP PHP 4.3.0 PHP PHP 4.3.1 PHP PHP 4.3.2 PHP PHP 4.3.3 PHP PHP 4.3.4 PHP PHP 4.3.5 PHP PHP 4.3.6 PHP PHP 4.3.7 PHP PHP 4.3.8 PHP PHP 4.3.9 PHP PHP 4.3.10 PHP PHP 4.3.11 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 4.4.3 PHP PHP 4.4.4 PHP PHP 4.4.5 PHP PHP 4.4.6 PHP PHP 4.4.7 PHP PHP 4.4.8 PHP PHP 4.4.9 PHP PHP 5.0.0 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP PHP 5.1.4 PHP PHP 5.1.5 PHP PHP 5.1.6 PHP PHP 5.2.0 PHP PHP 5.2.1 PHP PHP 5.2.2 PHP PHP 5.2.3 PHP PHP 5.2.4 PHP PHP 5.2.5 PHP PHP 5.2.6 PHP PHP 5.2.7 PHP PHP 5.2.8 PHP PHP 5.2.9 PHP PHP 5.2.10 PHP PHP 5.2.11 PHP PHP 5.2.12 PHP PHP 5.2.13 PHP PHP 5.2.14 PHP PHP 5.2.15 PHP PHP 5.2.16 PHP PHP 5.2.17 PHP PHP 5.3.0 PHP PHP 5.3.1 PHP PHP 5.3.2 PHP PHP 5.3.3 PHP PHP 5.3.4 PHP PHP 5.3.5 PHP PHP 5.3.6 PHP PHP 5.3.7 PHP PHP 5.3.8 PHP PHP 5.3.9 PHP PHP 5.3.10 PHP PHP 5.3.11 PHP PHP 5.3.12 PHP PHP 5.3.13 PHP PHP 5.3.14 PHP PHP 5.3.15 PHP PHP 5.3.16 PHP PHP 5.3.17 PHP PHP 5.3.18 PHP PHP 5.3.19 PHP PHP 5.3.20 PHP PHP 5.3.21 PHP PHP 5.3.22 PHP PHP 5.3.23 PHP PHP 5.3.24 PHP PHP 5.3.25 PHP PHP 5.3.26 PHP PHP 5.3.27 PHP PHP 5.3.28 PHP PHP 5.3.29 PHP PHP 5.4.0 PHP PHP 5.4.1 PHP PHP 5.4.2 PHP PHP 5.4.3 PHP PHP 5.4.4 PHP PHP 5.4.5 PHP PHP 5.4.6 PHP PHP 5.4.7 PHP PHP 5.4.8 PHP PHP 5.4.9 PHP PHP 5.4.10 PHP PHP 5.4.11 PHP PHP 5.4.12 PHP PHP 5.4.13 PHP PHP 5.4.14 PHP PHP 5.4.15 PHP PHP 5.4.16 PHP PHP 5.4.17 PHP PHP 5.4.18 PHP PHP 5.4.19 PHP PHP 5.4.20 PHP PHP 5.4.21 PHP PHP 5.4.22 PHP PHP 5.4.23 PHP PHP 5.4.24 PHP PHP 5.4.25 PHP PHP 5.4.26 PHP PHP 5.4.27 PHP PHP 5.4.28 PHP PHP 5.4.29 PHP PHP 5.4.30 PHP PHP 5.4.31 PHP PHP 5.4.32 PHP PHP 5.4.33 PHP PHP 5.4.34 PHP PHP 5.4.35 PHP PHP 5.4.36 PHP PHP 5.4.37 PHP PHP 5.4.38 PHP PHP 5.4.39 PHP PHP 5.4.40 PHP PHP 5.4.41 PHP PHP 5.4.42 PHP PHP 5.4.43 PHP PHP 5.4.44 PHP PHP 5.4.45 PHP PHP 5.5.0 PHP PHP 5.5.1 PHP PHP 5.5.2 PHP PHP 5.5.3 PHP PHP 5.5.4 PHP PHP 5.5.5 PHP PHP 5.5.6 PHP PHP 5.5.7 PHP PHP 5.5.8 PHP PHP 5.5.9 PHP PHP 5.5.10 PHP PHP 5.5.11 PHP PHP 5.5.12 PHP PHP 5.5.13 PHP PHP 5.5.14 PHP PHP 5.5.15 PHP PHP 5.5.16 PHP PHP 5.5.17 PHP PHP 5.5.18 PHP PHP 5.5.19 PHP PHP 5.5.20 PHP PHP 5.5.21 PHP PHP 5.5.22 PHP PHP 5.5.23 PHP PHP 5.5.24 PHP PHP 5.5.25 PHP PHP 5.5.26 PHP PHP 5.5.27 PHP PHP 5.5.28 PHP PHP 5.5.29 PHP PHP 5.5.30 PHP PHP 5.5.31 PHP PHP 5.5.32 PHP PHP 5.5.33 PHP PHP 5.5.34 PHP PHP 5.5.35 PHP PHP 5.5.36 PHP PHP 5.5.37 PHP PHP 5.5.38 PHP PHP 5.6.0 PHP PHP 5.6.1 PHP PHP 5.6.2 PHP PHP 5.6.3 PHP PHP 5.6.4 PHP PHP 5.6.5 PHP PHP 5.6.6 PHP PHP 5.6.7 PHP PHP 5.6.8 PHP PHP 5.6.9 PHP PHP 5.6.10 PHP PHP 5.6.11 PHP PHP 5.6.12 PHP PHP 5.6.13 PHP PHP 5.6.14 PHP PHP 5.6.15 PHP PHP 5.6.16 PHP PHP 5.6.17 PHP PHP 5.6.18 PHP PHP 5.6.19 PHP PHP 5.6.20 PHP PHP 5.6.21 PHP PHP 5.6.22 PHP PHP 5.6.23 PHP PHP 5.6.24 PHP PHP 5.6.25 PHP PHP 5.6.26 PHP PHP 5.6.27 PHP PHP 5.6.28 PHP PHP 7.0.11 PHP PHP 7.0.4 PHP PHP 7.0.3 PHP PHP 7.0.1 PHP PHP 7.0.12 PHP PHP 7.0.13 PHP PHP 7.0.7 PHP PHP 7.0.2 PHP PHP 7.0.9 PHP PHP 7.0.8 PHP PHP 7.0.5 PHP PHP 7.0.10 PHP PHP 7.0.0 PHP PHP 7.0.6	827

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-308.NASL
description	This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2017-03-07
plugin id	97566
published	2017-03-07
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/97566
title	openSUSE Security Update : php5 (openSUSE-2017-308)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-308. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(97566); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935"); script_name(english:"openSUSE Security Update : php5 (openSUSE-2017-308)"); script_summary(english:"Check for the openSUSE-2017-308 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015187" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015189" ); script_set_attribute(attribute:"solution", value:"Update the affected php5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1\|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"apache2-mod_php5-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bcmath-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-bz2-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-calendar-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ctype-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-curl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dba-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-debugsource-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-devel-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-dom-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-enchant-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-exif-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fastcgi-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fileinfo-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-firebird-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-fpm-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ftp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gd-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gettext-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-gmp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-iconv-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-imap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-intl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-json-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-json-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-ldap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mbstring-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mcrypt-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mssql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-mysql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-odbc-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-opcache-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-openssl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pcntl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pdo-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pear-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pgsql-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-phar-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-posix-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-pspell-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-readline-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-shmop-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-snmp-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-soap-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sockets-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sqlite-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-suhosin-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvmsg-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvsem-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-sysvshm-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tidy-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-tokenizer-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-wddx-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlreader-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlrpc-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xmlwriter-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-xsl-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zip-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"php5-zlib-debuginfo-5.5.14-75.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debugsource-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-devel-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pear-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-debuginfo-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-5.5.14-75.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-debuginfo-5.5.14-75.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc"); }

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2016-347-03.NASL
description	New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95725
published	2016-12-13
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/95725
title	Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2016-347-03. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(95725); script_version("$Revision: 3.2 $"); script_cvs_date("$Date: 2017/09/21 13:38:14 $"); script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935"); script_xref(name:"SSA", value:"2016-347-03"); script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.429698 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?349e3a10" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.6.29", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.2", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.29", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.29", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-788.NASL
description	The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)
last seen	2020-06-01
modified	2020-06-02
plugin id	96806
published	2017-01-27
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96806
title	Amazon Linux AMI : php70 (ALAS-2017-788)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-788. # include("compat.inc"); if (description) { script_id(96806); script_version("3.2"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936"); script_xref(name:"ALAS", value:"2017-788"); script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-788)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-788.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php70' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php70-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-cli-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-common-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dba-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-devel-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gd-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-imap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-intl-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-json-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-process-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-recode-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-soap-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xml-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.14-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-zip-7.0.14-1.20.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc"); }

NASL family	MacOS X Local Security Checks
NASL id	MACOS_10_12_4.NASL
description	The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
last seen	2020-06-01
modified	2020-06-02
plugin id	99134
published	2017-03-31
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99134
title	macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(99134); script_version("1.9"); script_cvs_date("Date: 2019/11/13"); script_cve_id( "CVE-2016-0736", "CVE-2016-2161", "CVE-2016-3619", "CVE-2016-4688", "CVE-2016-5387", "CVE-2016-5636", "CVE-2016-7056", "CVE-2016-7585", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9533", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2016-9586", "CVE-2016-9935", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-5029", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", "CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486", "CVE-2017-6974", "CVE-2017-7070" ); script_bugtraq_id( 85919, 91247, 91816, 94572, 94650, 94742, 94744, 94745, 94746, 94747, 94753, 94754, 94846, 94968, 94972, 94975, 94977, 95019, 95076, 95077, 95078, 95375, 95764, 95768, 95774, 95783, 95852, 96767, 97132, 97134, 97137, 97140, 97146, 97147, 97300, 97301, 97303 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3"); script_xref(name:"CERT", value:"797896"); script_xref(name:"EDB-ID", value:"40961"); script_xref(name:"EDB-ID", value:"40962"); script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)"); script_summary(english:"Checks the version of macOS."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a macOS update that fixes multiple security vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615"); # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a"); script_set_attribute(attribute:"see_also", value:"https://httpoxy.org"); script_set_attribute(attribute:"solution", value: "Upgrade to macOS version 10.12.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os); if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "')."); version = matches[1]; if (version !~ "^10\.12($\|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x"); fixed_version = "10.12.4"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { security_report_v4( port:0, severity:SECURITY_HOLE, xss:TRUE, extra: '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n' ); } else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-818.NASL
description	Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. - CVE-2016-2554 Stack-based buffer overflow in ext/phar/tar.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. - CVE-2016-3141 Use-after-free vulnerability in wddx.c in the WDDX extension allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. - CVE-2016-3142 The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. - CVE-2016-4342 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. - CVE-2016-9934 ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. - CVE-2016-9935 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. - CVE-2016-10158 The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. - CVE-2016-10159 Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. - CVE-2016-10160 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. - CVE-2016-10161 The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. - BUG-71323.patch Output of stream_get_meta_data can be falsified by its input - BUG-70979.patch Crash on bad SOAP request - BUG-71039.patch exec functions ignore length but look for NULL termination - BUG-71459.patch Integer overflow in iptcembed() - BUG-71391.patch NULL pointer Dereference in phar_tar_setupmetadata() - BUG-71335.patch Type confusion vulnerability in WDDX packet deserialization For Debian 7
last seen	2020-03-17
modified	2017-02-08
plugin id	97052
published	2017-02-08
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97052
title	Debian DLA-818-1 : php5 security update

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-62.NASL
description	This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2017-01-10
plugin id	96381
published	2017-01-10
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96381
title	openSUSE Security Update : php5 (openSUSE-2017-62)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3211-1.NASL
description	It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97384
published	2017-02-24
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97384
title	Ubuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-61.NASL
description	This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2017-01-10
plugin id	96380
published	2017-01-10
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96380
title	openSUSE Security Update : php7 (openSUSE-2017-61)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3737.NASL
description	Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.29, which includes additional bug fixes. Please refer to the upstream changelog for more information : https://php.net/ChangeLog-5.php#5.6.29
last seen	2020-06-01
modified	2020-06-02
plugin id	96016
published	2016-12-20
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96016
title	Debian DSA-3737-1 : php5 - security update

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-787.NASL
description	A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution. (CVE-2016-8670) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP before 5.6.28 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)
last seen	2020-06-01
modified	2020-06-02
plugin id	96805
published	2017-01-27
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96805
title	Amazon Linux AMI : php56 (ALAS-2017-787)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3211-2.NASL
description	USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97521
published	2017-03-03
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97521
title	Ubuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_6972668DCDB711E6A9A5B499BAEBFEAF.NASL
description	The PHP project reports : - Use After Free Vulnerability in unserialize() (CVE-2016-9936) - Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
last seen	2020-06-01
modified	2020-06-02
plugin id	96221
published	2017-01-03
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96221
title	FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3196-1.NASL
description	It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97190
published	2017-02-15
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97190
title	Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2649.NASL
description	According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
last seen	2020-05-08
modified	2019-12-18
plugin id	132184
published	2019-12-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132184
title	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0017-1.NASL
description	This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119989
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119989
title	SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0038-1.NASL
description	This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119990
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119990
title	SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0109-1.NASL
description	This update for php53 fixes the following issues : - CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] - CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] - Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96431
published	2017-01-12
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96431
title	SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0109-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2221.NASL
description	According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831) - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935) - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867) - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832) - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833) - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767) - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414) - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934) - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935) - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143) - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094) - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a
last seen	2020-05-08
modified	2019-11-08
plugin id	130683
published	2019-11-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130683
title	EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201702-29.NASL
description	The remote host is affected by the vulnerability described in GLSA-201702-29 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	97272
published	2017-02-21
reporter	This script is Copyright (C) 2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/97272
title	GLSA-201702-29 : PHP: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1505.NASL
description	This security update for php5 fixes the following issues : - a call to ImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933, boo#1015187) - deserialization of a WDDX packet containing a PDORow object could crash php (CVE-2016-9934, boo#1015188) - deserialization of a WDDX packet containing an empty boolean element could crash php (CVE-2016-9935, boo#1015189)
last seen	2020-06-05
modified	2016-12-27
plugin id	96130
published	2016-12-27
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96130
title	openSUSE Security Update : php5 (openSUSE-2016-1505)

NASL family	CGI abuses
NASL id	PHP_5_6_29.NASL
description	According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the php_wddx_push_element() function in ext/wddx/wddx.c that is triggered when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A flaw exists in the in the openssl_pbkdf2() function in ext/openssl/openssl.c that is triggered when handling overly large key length parameters. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	95874
published	2016-12-15
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95874
title	PHP 5.6.x < 5.6.29 Multiple Vulnerabilities

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2438.NASL
description	According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))\|(((?:(?:(?:(?:abc\|(?:abcdef))))b)abcdefghi )abc)\|((ACCEPT)))/ pattern and related patterns involving (ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
last seen	2020-05-08
modified	2019-12-04
plugin id	131592
published	2019-12-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131592
title	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)

NASL family	CGI abuses
NASL id	PHP_7_0_14.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.14. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability due to a memory corruption issue in the php_wddx_push_element() function in ext/wddx/wddx.c that occurs when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A deserialization vulnerability exists in the ext/standard/var.c script. An unauthenticated, remote attacker can exploit this, via crafted serialized data, to the application to stop responding or execute arbitrary code on the target host. (CVE-2016-9936) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	95875
published	2016-12-15
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95875
title	PHP 7.0.x < 7.0.14 Multiple Vulnerabilities

Redhat

advisories

rhsa

id	RHSA-2018:1296

rpms

rh-php70-php-0:7.0.27-1.el6
rh-php70-php-0:7.0.27-1.el7
rh-php70-php-bcmath-0:7.0.27-1.el6
rh-php70-php-bcmath-0:7.0.27-1.el7
rh-php70-php-cli-0:7.0.27-1.el6
rh-php70-php-cli-0:7.0.27-1.el7
rh-php70-php-common-0:7.0.27-1.el6
rh-php70-php-common-0:7.0.27-1.el7
rh-php70-php-dba-0:7.0.27-1.el6
rh-php70-php-dba-0:7.0.27-1.el7
rh-php70-php-dbg-0:7.0.27-1.el6
rh-php70-php-dbg-0:7.0.27-1.el7
rh-php70-php-debuginfo-0:7.0.27-1.el6
rh-php70-php-debuginfo-0:7.0.27-1.el7
rh-php70-php-devel-0:7.0.27-1.el6
rh-php70-php-devel-0:7.0.27-1.el7
rh-php70-php-embedded-0:7.0.27-1.el6
rh-php70-php-embedded-0:7.0.27-1.el7
rh-php70-php-enchant-0:7.0.27-1.el6
rh-php70-php-enchant-0:7.0.27-1.el7
rh-php70-php-fpm-0:7.0.27-1.el6
rh-php70-php-fpm-0:7.0.27-1.el7
rh-php70-php-gd-0:7.0.27-1.el6
rh-php70-php-gd-0:7.0.27-1.el7
rh-php70-php-gmp-0:7.0.27-1.el6
rh-php70-php-gmp-0:7.0.27-1.el7
rh-php70-php-imap-0:7.0.27-1.el6
rh-php70-php-intl-0:7.0.27-1.el6
rh-php70-php-intl-0:7.0.27-1.el7
rh-php70-php-json-0:7.0.27-1.el6
rh-php70-php-json-0:7.0.27-1.el7
rh-php70-php-ldap-0:7.0.27-1.el6
rh-php70-php-ldap-0:7.0.27-1.el7
rh-php70-php-mbstring-0:7.0.27-1.el6
rh-php70-php-mbstring-0:7.0.27-1.el7
rh-php70-php-mysqlnd-0:7.0.27-1.el6
rh-php70-php-mysqlnd-0:7.0.27-1.el7
rh-php70-php-odbc-0:7.0.27-1.el6
rh-php70-php-odbc-0:7.0.27-1.el7
rh-php70-php-opcache-0:7.0.27-1.el6
rh-php70-php-opcache-0:7.0.27-1.el7
rh-php70-php-pdo-0:7.0.27-1.el6
rh-php70-php-pdo-0:7.0.27-1.el7
rh-php70-php-pgsql-0:7.0.27-1.el6
rh-php70-php-pgsql-0:7.0.27-1.el7
rh-php70-php-process-0:7.0.27-1.el6
rh-php70-php-process-0:7.0.27-1.el7
rh-php70-php-pspell-0:7.0.27-1.el6
rh-php70-php-pspell-0:7.0.27-1.el7
rh-php70-php-recode-0:7.0.27-1.el6
rh-php70-php-recode-0:7.0.27-1.el7
rh-php70-php-snmp-0:7.0.27-1.el6
rh-php70-php-snmp-0:7.0.27-1.el7
rh-php70-php-soap-0:7.0.27-1.el6
rh-php70-php-soap-0:7.0.27-1.el7
rh-php70-php-tidy-0:7.0.27-1.el6
rh-php70-php-xml-0:7.0.27-1.el6
rh-php70-php-xml-0:7.0.27-1.el7
rh-php70-php-xmlrpc-0:7.0.27-1.el6
rh-php70-php-xmlrpc-0:7.0.27-1.el7
rh-php70-php-zip-0:7.0.27-1.el6
rh-php70-php-zip-0:7.0.27-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References