Vulnerabilities > CVE-2016-9936 - Use After Free vulnerability in PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
php
CWE-416
nessus
NVD
Published: 2017-01-04
Updated: 2018-05-04

Summary

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.

Vulnerable Configurations

Part Description Count
Application
Php
14

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-788.NASL
    descriptionThe SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)
    last seen2020-06-01
    modified2020-06-02
    plugin id96806
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96806
    titleAmazon Linux AMI : php70 (ALAS-2017-788)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-788.
#

include("compat.inc");

if (description)
{
  script_id(96806);
  script_version("3.2");
  script_cvs_date("Date: 2018/04/18 15:09:36");

  script_cve_id("CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936");
  script_xref(name:"ALAS", value:"2017-788");

  script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-788)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SplObjectStorage unserialize implementation in
ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key
is an object, which allows remote attackers to execute arbitrary code
or cause a denial of service (uninitialized memory access) via crafted
serialized data. (CVE-2016-7480)

Use-after-free vulnerability in the CURLFile implementation in
ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers
to cause a denial of service or possibly have unspecified other impact
via crafted serialized data that is mishandled during __wakeup
processing. (CVE-2016-9137)

Stack consumption vulnerability in the gdImageFillToBorder function in
gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in
PHP 7.x before 7.0.13, allows remote attackers to cause a denial of
service (segmentation violation) via a crafted imagefilltoborder call
that triggers use of a negative color value. (CVE-2016-9933)

ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to
cause a denial of service (NULL pointer dereference) via crafted
serialized data in a wddxPacket XML document, as demonstrated by a
PDORow string. (CVE-2016-9934)

The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x
before 7.0.14 allows remote attackers to cause a denial of service
(out-of-bounds read and memory corruption) or possibly have
unspecified other impact via an empty boolean element in a wddxPacket
XML document. (CVE-2016-9935)

The unserialize implementation in ext/standard/var.c in PHP 7.x before
7.0.14 allows remote attackers to cause a denial of service
(use-after-free) or possibly have unspecified other impact via crafted
serialized data. This vulnerability exists because of an incomplete
fix for CVE-2015-6834 . (CVE-2016-9936)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-788.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update php70' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php70-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-cli-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-common-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dba-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-devel-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gd-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-imap-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-intl-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-json-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-process-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-recode-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-soap-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xml-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.14-1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-zip-7.0.14-1.20.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3211-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97384
    published2017-02-24
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97384
    titleUbuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3211-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97384);
  script_version("3.6");
  script_cvs_date("Date: 2019/09/18 12:31:46");

  script_cve_id("CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-7479", "CVE-2016-9137", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-5340");
  script_xref(name:"USN", value:"3211-1");

  script_name(english:"Ubuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that PHP incorrectly handled certain invalid objects
when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled certain invalid objects
when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-9137)

It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-9935)

It was discovered that PHP incorrectly handled certain invalid objects
when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-9936)

It was discovered that PHP incorrectly handled certain EXIF data. A
remote attacker could use this issue to cause PHP to crash, resulting
in a denial of service. (CVE-2016-10158)

It was discovered that PHP incorrectly handled certain PHAR archives.
A remote attacker could use this issue to cause PHP to crash or
consume resources, resulting in a denial of service. (CVE-2016-10159)

It was discovered that PHP incorrectly handled certain PHAR archives.
A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-10160)

It was discovered that PHP incorrectly handled certain invalid objects
when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2016-10161)

It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2016-10162)

It was discovered that PHP incorrectly handled certain invalid objects
when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2017-5340).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3211-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 16.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.04.2")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.10.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php7.0 / php7.0-cgi / php7.0-cli / php7.0-fpm");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-61.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-01-10
    plugin id96380
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96380
    titleopenSUSE Security Update : php7 (openSUSE-2017-61)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-61.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(96380);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936");

  script_name(english:"openSUSE Security Update : php7 (openSUSE-2017-61)");
  script_summary(english:"Check for the openSUSE-2017-61 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php7 fixes the following issues :

  - CVE-2016-9933 Possible stack overflow on truecolor
    images handling [bsc#1015187]

  - CVE-2016-9934 Dereference from NULL pointer could lead
    to crash [bsc#1015188]

  - CVE-2016-9935 Invalid read could lead to crash
    [bsc#1015189]

  - CVE-2016-9936 Use After free in the function serialize()
    could lead to crash [bsc#1015191]

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015187"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015189"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015191"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php7 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php7-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php7-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-bcmath-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-bcmath-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-bz2-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-bz2-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-calendar-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-calendar-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-ctype-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-ctype-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-curl-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-curl-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-dba-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-dba-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-debugsource-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-devel-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-dom-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-dom-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-enchant-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-enchant-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-exif-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-exif-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-fastcgi-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-fastcgi-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-fileinfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-fileinfo-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-firebird-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-firebird-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-fpm-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-fpm-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-ftp-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-ftp-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-gd-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-gd-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-gettext-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-gettext-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-gmp-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-gmp-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-iconv-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-iconv-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-imap-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-imap-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-intl-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-intl-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-json-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-json-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-ldap-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-ldap-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-mbstring-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-mbstring-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-mcrypt-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-mcrypt-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-mysql-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-mysql-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-odbc-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-odbc-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-opcache-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-opcache-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-openssl-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-openssl-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pcntl-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pcntl-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pdo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pdo-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pear-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pear-Archive_Tar-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pgsql-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pgsql-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-phar-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-phar-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-posix-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-posix-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pspell-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-pspell-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-readline-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-readline-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-shmop-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-shmop-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-snmp-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-snmp-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-soap-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-soap-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sockets-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sockets-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sqlite-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sqlite-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvmsg-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvmsg-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvsem-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvsem-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvshm-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-sysvshm-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-tidy-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-tidy-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-tokenizer-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-tokenizer-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-wddx-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-wddx-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlreader-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlreader-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlrpc-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlrpc-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlwriter-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xmlwriter-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xsl-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-xsl-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-zip-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-zip-debuginfo-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-zlib-7.0.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php7-zlib-debuginfo-7.0.7-9.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3211-2.NASL
    descriptionUSN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97521
    published2017-03-03
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97521
    titleUbuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3211-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97521);
  script_version("3.6");
  script_cvs_date("Date: 2019/09/18 12:31:46");

  script_cve_id("CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-7479", "CVE-2016-9137", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-5340");
  script_xref(name:"USN", value:"3211-2");

  script_name(english:"Ubuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
upstream release. PHP 7.0.15 introduced a regression when using MySQL
with large blobs. This update fixes the problem with a backported fix.

It was discovered that PHP incorrectly handled certain invalid objects
when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled certain
invalid objects when unserializing data. A remote attacker
could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code.
(CVE-2016-9137)

It was discovered that PHP incorrectly handled unserializing
certain wddxPacket XML documents. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial
of service, or possibly execute arbitrary code.
(CVE-2016-9935)

It was discovered that PHP incorrectly handled certain
invalid objects when unserializing data. A remote attacker
could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code.
(CVE-2016-9936)

It was discovered that PHP incorrectly handled certain EXIF
data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2016-10158)

It was discovered that PHP incorrectly handled certain PHAR
archives. A remote attacker could use this issue to cause
PHP to crash or consume resources, resulting in a denial of
service. (CVE-2016-10159)

It was discovered that PHP incorrectly handled certain PHAR
archives. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-10160)

It was discovered that PHP incorrectly handled certain
invalid objects when unserializing data. A remote attacker
could use this issue to cause PHP to crash, resulting in a
denial of service. (CVE-2016-10161)

It was discovered that PHP incorrectly handled unserializing
certain wddxPacket XML documents. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial
of service. (CVE-2016-10162)

It was discovered that PHP incorrectly handled certain
invalid objects when unserializing data. A remote attacker
could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code.
(CVE-2017-5340).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3211-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 16.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.04.4")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cgi", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"php7.0-cli", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"php7.0-fpm", pkgver:"7.0.15-0ubuntu0.16.10.4")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php7.0 / php7.0-cgi / php7.0-cli / php7.0-fpm");
}
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6972668DCDB711E6A9A5B499BAEBFEAF.NASL
    descriptionThe PHP project reports : - Use After Free Vulnerability in unserialize() (CVE-2016-9936) - Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
    last seen2020-06-01
    modified2020-06-02
    plugin id96221
    published2017-01-03
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96221
    titleFreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(96221);
  script_version("3.8");
  script_cvs_date("Date: 2018/11/10 11:49:45");

  script_cve_id("CVE-2016-9935", "CVE-2016-9936");

  script_name(english:"FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The PHP project reports :

- Use After Free Vulnerability in unserialize() (CVE-2016-9936)

- Invalid read when wddx decodes empty boolean element (CVE-2016-9935)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://php.net/ChangeLog-7.php#7.0.14"
  );
  # https://vuxml.freebsd.org/freebsd/6972668d-cdb7-11e6-a9a5-b499baebfeaf.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a5732688"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php70");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"php70<7.0.14")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0017-1.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119989
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119989
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0017-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(119989);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");

  script_cve_id("CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936");

  script_name(english:"SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php7 fixes the following issues :

  - CVE-2016-9933 Possible stack overflow on truecolor
    images handling [bsc#1015187]

  - CVE-2016-9934 Dereference from NULL pointer could lead
    to crash [bsc#1015188]

  - CVE-2016-9935 Invalid read could lead to crash
    [bsc#1015189]

  - CVE-2016-9936 Use After free in the function serialize()
    could lead to crash [bsc#1015191]

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1015187"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1015188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1015189"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1015191"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9933/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9934/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9935/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9936/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20170017-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?342ab28b"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-8=1

SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
patch SUSE-SLE-SDK-12-SP1-2017-8=1

SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
SUSE-SLE-Module-Web-Scripting-12-2017-8=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debugsource-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-debuginfo-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-7.0.7-28.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-debuginfo-7.0.7-28.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php7");
}
  • NASL familyCGI abuses
    NASL idPHP_7_1_0.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.0. It is, therefore, affected by the following vulnerabilities: - A stack consumption condition exists in the gdImageFillToBorder function of the gd.c script within the GD Graphics Library (libgd). An unauthenticated, remote attacker can exploit this issue, via a crafted call to imagefilltoborder using a negative color value, to cause the application to stop responding. (CVE-2016-9933) - A denial of service (DoS) vulnerability exists in the ext/wddx/wddx.c script. An unauthenticated, remote attacker can exploit this issue, via crafted serialized data in a wddxPacket XML document, to cause the application to stop responding. (CVE-2016-9934) - A deserialization vulnerability exists in the ext/standard/var.c script. An unauthenticated, remote attacker can exploit this, via crafted serialized data, to the application to stop responding or execute arbitrary code on the target host. (CVE-2016-9936) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id122540
    published2019-03-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122540
    titlePHP 7.1.x < 7.1.0 Multiple Vulnerabilities.
  • NASL familyCGI abuses
    NASL idPHP_7_0_14.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.14. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability due to a memory corruption issue in the php_wddx_push_element() function in ext/wddx/wddx.c that occurs when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A deserialization vulnerability exists in the ext/standard/var.c script. An unauthenticated, remote attacker can exploit this, via crafted serialized data, to the application to stop responding or execute arbitrary code on the target host. (CVE-2016-9936) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id95875
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95875
    titlePHP 7.0.x < 7.0.14 Multiple Vulnerabilities

Redhat

advisories
rhsa
idRHSA-2018:1296
rpms
  • rh-php70-php-0:7.0.27-1.el6
  • rh-php70-php-0:7.0.27-1.el7
  • rh-php70-php-bcmath-0:7.0.27-1.el6
  • rh-php70-php-bcmath-0:7.0.27-1.el7
  • rh-php70-php-cli-0:7.0.27-1.el6
  • rh-php70-php-cli-0:7.0.27-1.el7
  • rh-php70-php-common-0:7.0.27-1.el6
  • rh-php70-php-common-0:7.0.27-1.el7
  • rh-php70-php-dba-0:7.0.27-1.el6
  • rh-php70-php-dba-0:7.0.27-1.el7
  • rh-php70-php-dbg-0:7.0.27-1.el6
  • rh-php70-php-dbg-0:7.0.27-1.el7
  • rh-php70-php-debuginfo-0:7.0.27-1.el6
  • rh-php70-php-debuginfo-0:7.0.27-1.el7
  • rh-php70-php-devel-0:7.0.27-1.el6
  • rh-php70-php-devel-0:7.0.27-1.el7
  • rh-php70-php-embedded-0:7.0.27-1.el6
  • rh-php70-php-embedded-0:7.0.27-1.el7
  • rh-php70-php-enchant-0:7.0.27-1.el6
  • rh-php70-php-enchant-0:7.0.27-1.el7
  • rh-php70-php-fpm-0:7.0.27-1.el6
  • rh-php70-php-fpm-0:7.0.27-1.el7
  • rh-php70-php-gd-0:7.0.27-1.el6
  • rh-php70-php-gd-0:7.0.27-1.el7
  • rh-php70-php-gmp-0:7.0.27-1.el6
  • rh-php70-php-gmp-0:7.0.27-1.el7
  • rh-php70-php-imap-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el7
  • rh-php70-php-json-0:7.0.27-1.el6
  • rh-php70-php-json-0:7.0.27-1.el7
  • rh-php70-php-ldap-0:7.0.27-1.el6
  • rh-php70-php-ldap-0:7.0.27-1.el7
  • rh-php70-php-mbstring-0:7.0.27-1.el6
  • rh-php70-php-mbstring-0:7.0.27-1.el7
  • rh-php70-php-mysqlnd-0:7.0.27-1.el6
  • rh-php70-php-mysqlnd-0:7.0.27-1.el7
  • rh-php70-php-odbc-0:7.0.27-1.el6
  • rh-php70-php-odbc-0:7.0.27-1.el7
  • rh-php70-php-opcache-0:7.0.27-1.el6
  • rh-php70-php-opcache-0:7.0.27-1.el7
  • rh-php70-php-pdo-0:7.0.27-1.el6
  • rh-php70-php-pdo-0:7.0.27-1.el7
  • rh-php70-php-pgsql-0:7.0.27-1.el6
  • rh-php70-php-pgsql-0:7.0.27-1.el7
  • rh-php70-php-process-0:7.0.27-1.el6
  • rh-php70-php-process-0:7.0.27-1.el7
  • rh-php70-php-pspell-0:7.0.27-1.el6
  • rh-php70-php-pspell-0:7.0.27-1.el7
  • rh-php70-php-recode-0:7.0.27-1.el6
  • rh-php70-php-recode-0:7.0.27-1.el7
  • rh-php70-php-snmp-0:7.0.27-1.el6
  • rh-php70-php-snmp-0:7.0.27-1.el7
  • rh-php70-php-soap-0:7.0.27-1.el6
  • rh-php70-php-soap-0:7.0.27-1.el7
  • rh-php70-php-tidy-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el7
  • rh-php70-php-xmlrpc-0:7.0.27-1.el6
  • rh-php70-php-xmlrpc-0:7.0.27-1.el7
  • rh-php70-php-zip-0:7.0.27-1.el6
  • rh-php70-php-zip-0:7.0.27-1.el7

References