Vulnerabilities > CVE-2017-9228 - Out-of-bounds Write vulnerability in multiple products

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:3277-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(120010);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/11 11:22:16");

  script_cve_id("CVE-2017-16642", "CVE-2017-4025", "CVE-2017-9228", "CVE-2017-9229");

  script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2017:3277-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php5 fixes the following issues: Security issues 
fixed :

  - CVE-2017-16642: Fix timelib_meridian error that could be
    used to leak information from the interpreter
    (bsc#1067441).

  - CVE-2017-4025: Fix pathname truncation in
    set_include_path, tempnam, rmdir, and readlink
    (bsc#1067090).

  - CVE-2017-9228: Fix heap out-of-bounds write that occurs
    in bitset_set_range() during regex compilation
    (bsc#1069606).

  - CVE-2017-9229: Fix invalid pointer dereference in
    left_adjust_char_head() (bsc#1069631).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1067090"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1067441"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1069606"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1069631"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-16642/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-4025/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-9228/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-9229/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20173277-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?557d6522"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2017-2040=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-2040=1

SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
SUSE-SLE-Module-Web-Scripting-12-2017-2040=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-109.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-109.13.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-b8bb4b86e2.
#

include("compat.inc");

if (description)
{
  script_id(101797);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229");
  script_xref(name:"FEDORA", value:"2017-b8bb4b86e2");

  script_name(english:"Fedora 26 : php (2017-b8bb4b86e2)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"**PHP version 7.1.7** (06 Jul 2017)

**Core:**

  - Fixed bug php#74738 (Multiple [PATH=] and [HOST=]
    sections not properly parsed). (Manuel Mausz)

  - Fixed bug php#74658 (Undefined constants in array
    properties result in broken properties). (Laruence)

  - Fixed misparsing of abstract unix domain socket names.
    (Sara)

  - Fixed bug php#74603 (PHP INI Parsing Stack Buffer
    Overflow Vulnerability). (Stas)

  - Fixed bug php#74101, bug php#74614 (Unserialize Heap
    Use-After-Free (READ: 1) in zval_get_type). (Nikita)

  - Fixed bug php#74111 (Heap buffer overread (READ: 1)
    finish_nested_data from unserialize). (Nikita)

  - Fixed bug php#74819 (wddx_deserialize() heap
    out-of-bound read via php_parse_date()). (Derick)

**Date:**

  - Fixed bug php#74639 (implement clone for DatePeriod and
    DateInterval). (andrewnester)

**DOM:**

  - Fixed bug php#69373 (References to deleted XPath query
    results). (ttoohey)

**Intl:**

  - Fixed bug php#73473 (Stack Buffer Overflow in
    msgfmt_parse_message). (libnex)

  - Fixed bug php#74705 (Wrong reflection on
    Collator::getSortKey and collator_get_sort_key). (Tyson
    Andre, Remi)

**Mbstring:**

  - Add oniguruma upstream fix (CVE-2017-9224,
    CVE-2017-9226, CVE-2017-9227, CVE-2017-9228,
    CVE-2017-9229) (Remi, Mamoru TASAKA)

**Opcache:**

  - Fixed bug php#74663 (Segfault with
    opcache.memory_protect and validate_timestamp).
    (Laruence)

  - Revert opcache.enable_cli to default disabled. (Nikita)

**OpenSSL:**

  - Fixed bug php#74720 (pkcs7_en/decrypt does not work if
    \x1a is used in content). (Anatol)

  - Fixed bug php#74651 (negative-size-param (-1) in memcpy
    in zif_openssl_seal()). (Stas)

**Reflection:**

  - Fixed bug php#74673 (Segfault when cast Reflection
    object to string with undefined constant). (Laruence)

**SPL:**

  - Fixed bug php#74478 (null coalescing operator failing
    with SplFixedArray). (jhdxr)

**FTP:**

  - Fixed bug php#74598 (ftp:// wrapper ignores context
    arg). (Sara)

**PHAR:**

  - Fixed bug php#74386 (Phar::__construct reflection
    incorrect). (villfa)

**SOAP**

  - Fixed bug php#74679 (Incorrect conversion array with
    WSDL_CACHE_MEMORY). (Dmitry)

**Streams:**

  - Fixed bug php#74556 (stream_socket_get_name() returns
    '\0'). (Sara)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8bb4b86e2"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC26", reference:"php-7.1.7-1.fc26")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-1371.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(105266);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-16642", "CVE-2017-4025", "CVE-2017-9228", "CVE-2017-9229");

  script_name(english:"openSUSE Security Update : php5 (openSUSE-2017-1371)");
  script_summary(english:"Check for the openSUSE-2017-1371 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php5 fixes the following issues :

Security issues fixed :

  - CVE-2017-16642: Fix timelib_meridian error that could be
    used to leak information from the interpreter
    (bsc#1067441).

  - CVE-2017-4025: Fix pathname truncation in
    set_include_path, tempnam, rmdir, and readlink
    (bsc#1067090).

  - CVE-2017-9228: Fix heap out-of-bounds write that occurs
    in bitset_set_range() during regex compilation
    (bsc#1069606).

  - CVE-2017-9229: Fix invalid pointer dereference in
    left_adjust_char_head() (bsc#1069631).

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1067090"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1067441"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069606"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069631"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-debugsource-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-devel-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-json-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-json-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pear-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-debuginfo-5.5.14-77.15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-debugsource-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-devel-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-json-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-json-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pear-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-debuginfo-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-5.5.14-88.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-debuginfo-5.5.14-88.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(101525);
  script_version("1.14");
  script_cvs_date("Date: 2019/03/04 18:17:59");

  script_cve_id(
    "CVE-2017-6004",
    "CVE-2017-7890",
    "CVE-2017-9224",
    "CVE-2017-9226",
    "CVE-2017-9227",
    "CVE-2017-9228",
    "CVE-2017-9229",
    "CVE-2017-11142",
    "CVE-2017-11143",
    "CVE-2017-11144",
    "CVE-2017-11145",
    "CVE-2017-11628",
    "CVE-2017-12933"
  );
  script_bugtraq_id(
    96295,
    99489,
    99490,
    99492,
    99501,
    99550,
    99553,
    99601,
    99605,
    100320,
    100538,
    101244
  );

  script_name(english:"PHP 5.6.x < 5.6.31 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of PHP.");

  script_set_attribute(attribute:"synopsis", value:
"The version of PHP running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP running on the remote web
server is 5.6.x prior to 5.6.31. It is, therefore, affected by the
following vulnerabilities :

  - An out-of-bounds read error exists in the PCRE library
    in the compile_bracket_matchingpath() function within
    file pcre_jit_compile.c. An unauthenticated, remote
    attacker can exploit this, via a specially crafted
    regular expression, to crash a process linked to the
    library, resulting in a denial of service condition.
    (CVE-2017-6004)

  - An out-of-bounds read error exists in the GD Graphics
    Library (LibGD) in the gdImageCreateFromGifCtx()
    function within file gd_gif_in.c when handling a
    specially crafted GIF file. An unauthenticated, remote
    attacker can exploit this to disclose sensitive memory
    contents or crash a process linked to the library.
    (CVE-2017-7890)

  - An out-of-bounds read error exists in Oniguruma in the
    match_at() function within file regexec.c. An
    unauthenticated, remote attacker can exploit this to
    disclose sensitive memory contents or crash a process
    linked to the library. (CVE-2017-9224)

  - An out-of-bounds write error exists in Oniguruma in the
    next_state_val() function during regular expression
    compilation. An unauthenticated, remote attacker can
    exploit this to execute arbitrary code. (CVE-2017-9226)

  - An out-of-bounds read error exists in Oniguruma in the
    mbc_enc_len() function within file utf8.c. An
    unauthenticated, remote attacker can exploit this to
    disclose memory contents or crash a process linked to
    the library. (CVE-2017-9227)

  - An out-of-bounds write error exists in Oniguruma in the
    bitset_set_range() function during regular expression
    compilation. An unauthenticated, remote attacker can
    exploit this to execute arbitrary code. (CVE-2017-9228)

  - An invalid pointer deference flaw exists in Oniguruma
    in the left_adjust_char_head() function within file
    regexec.c during regular expression compilation. An
    unauthenticated, remote attacker can exploit this to
    crash a process linked to the library, resulting in a
    denial of service condition. (CVE-2017-9229)

  - A denial of service condition exists in PHP when
    handling overlarge POST requests. An unauthenticated,
    remote attacker can exploit this to exhaust available
    CPU resources. (CVE-2017-11142)

  - An extended invalid free error exists in PHP in the
    php_wddx_push_element() function within file
    ext/wddx/wddx.c when parsing empty boolean tags.
    An unauthenticated, remote attacker can exploit this to
    cause a denial of service condition. (CVE-2017-11143)

  - A flaw exists in OpenSSL in the EVP_SealInit() function
    within file crypto/evp/p_seal.c due to returning an
    undocumented value of '-1'. An unauthenticated, remote
    attacker can exploit this to cause an unspecified
    impact. (CVE-2017-11144)

  - An out-of-bounds read error exists in PHP in the
    php_parse_date() function within file
    ext/date/lib/parse_date.c. An unauthenticated, remote
    attacker can exploit this to disclose memory contents or
    cause a denial of service condition.
    (CVE-2017-11145)

  - An out-of-bounds read error exists in PHP in the
    finish_nested_data() function within file
    ext/standard/var_unserializer.re. An unauthenticated,
    remote attacker can exploit this to disclose memory
    contents or cause a denial of service condition.

  - An off-by-one overflow condition exists in PHP in the
    INI parsing API, specifically in the zend_ini_do_op()
    function within file Zend/zend_ini_parser.y, due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code.

  - A Heap buffer overread flaw in finish_nested_data
    while unserializing untrusted data could lead to an
    unspecified impact on the integrity of PHP.
    (CVE-2017-12933)

  - A stack-based buffer overflow in the zend_ini_do_op()
    function in Zend/zend_ini_parser.c could cause a denial
    of service or potentially allow executing code.
    (CVE-2017-11628)

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number."
);
  script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.6.31");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.6.31 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9224");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Check that it is the correct version of PHP
if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port);

fix = "5.6.31";
if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
  report =
    '\n  Version source    : ' + source +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix +
    '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-e314044789.
#

include("compat.inc");

if (description)
{
  script_id(103552);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-9224", "CVE-2017-9228");
  script_xref(name:"FEDORA", value:"2017-e314044789");

  script_name(english:"Fedora 25 : oniguruma (2017-e314044789)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This new package includes additional fixes for CVE-2017-9228 .

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e314044789"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected oniguruma package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:oniguruma");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC25", reference:"oniguruma-6.1.3-3.fc25")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(101526);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/27");

  script_cve_id(
    "CVE-2017-6004",
    "CVE-2017-7890",
    "CVE-2017-9224",
    "CVE-2017-9226",
    "CVE-2017-9227",
    "CVE-2017-9228",
    "CVE-2017-9229",
    "CVE-2017-11144",
    "CVE-2017-11145",
    "CVE-2017-11362",
    "CVE-2017-11628",
    "CVE-2017-12933",
    "CVE-2017-12934"
  );
  script_bugtraq_id(
    96295,
    99489,
    99490,
    99492,
    99501,
    100428
  );

  script_name(english:"PHP 7.0.x < 7.0.21 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of PHP.");

  script_set_attribute(attribute:"synopsis", value:
"The version of PHP running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP running on the remote web
server is 7.0.x prior to 7.0.21. It is, therefore, affected by the
following vulnerabilities :

  - An out-of-bounds read error exists in the PCRE library
    in the compile_bracket_matchingpath() function within
    file pcre_jit_compile.c. An unauthenticated, remote
    attacker can exploit this, via a specially crafted
    regular expression, to crash a process linked to the
    library, resulting in a denial of service condition.
    (CVE-2017-6004)

  - An out-of-bounds read error exists in the GD Graphics
    Library (LibGD) in the gdImageCreateFromGifCtx()
    function within file gd_gif_in.c when handling a
    specially crafted GIF file. An unauthenticated, remote
    attacker can exploit this to disclose sensitive memory
    contents or crash a process linked to the library.
    (CVE-2017-7890)

  - An out-of-bounds read error exists in Oniguruma in the
    match_at() function within file regexec.c. An
    unauthenticated, remote attacker can exploit this to
    disclose sensitive memory contents or crash a process
    linked to the library. (CVE-2017-9224)

  - An out-of-bounds write error exists in Oniguruma in the
    next_state_val() function during regular expression
    compilation. An unauthenticated, remote attacker can
    exploit this to execute arbitrary code. (CVE-2017-9226)

  - An out-of-bounds read error exists in Oniguruma in the
    mbc_enc_len() function within file utf8.c. An
    unauthenticated, remote attacker can exploit this to
    disclose memory contents or crash a process linked to
    the library. (CVE-2017-9227)

  - An out-of-bounds write error exists in Oniguruma in the
    bitset_set_range() function during regular expression
    compilation. An unauthenticated, remote attacker can
    exploit this to execute arbitrary code. (CVE-2017-9228)

  - An invalid pointer deference flaw exists in Oniguruma
    in the left_adjust_char_head() function within file
    regexec.c during regular expression compilation. An
    unauthenticated, remote attacker can exploit this to
    crash a process linked to the library, resulting in a
    denial of service condition. (CVE-2017-9229)

  - A flaw exists in OpenSSL in the EVP_SealInit() function
    within file crypto/evp/p_seal.c due to returning an
    undocumented value of '-1'. An unauthenticated, remote
    attacker can exploit this to cause an unspecified
    impact. (CVE-2017-11144)

  - An out-of-bounds read error exists in PHP in the
    php_parse_date() function within file
    ext/date/lib/parse_date.c. An unauthenticated, remote
    attacker can exploit this to disclose memory contents or
    cause a denial of service condition. (CVE-2017-11145)

  - A stack-based buffer overflow condition exists in PHP
    in the msgfmt_parse_message() function due to improper
    validation of user-supplied input when parsing locale.
    An unauthenticated, remote attacker can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2017-11362)

  - An off-by-one overflow condition exists in PHP in the
    INI parsing API, specifically in the zend_ini_do_op()
    function within file Zend/zend_ini_parser.c, due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2017-11628)

  - An out-of-bounds read error exists in PHP in the
    finish_nested_data() function within file
    ext/standard/var_unserializer.re. An unauthenticated,
    remote attacker can exploit this to disclose memory
    contents or cause a denial of service condition.
    (CVE-2017-12933)

  - A use-after-free error exists in PHP in the
    zval_get_type() function within file
    ext/standard/var_unserializer.c. An unauthenticated,
    remote attacker can exploit this to execute arbitrary
    code. (CVE-2017-12934)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.0.21");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 7.0.21 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12933");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("vcf.inc");
include("vcf_extras.inc");
include("http.inc");
include("webapp_func.inc");

vcf::php::initialize();

port = get_http_port(default:80, php:TRUE);

app_info = vcf::php::get_app_info(port:port);

constraints = [
  { "min_version" : "7.0.0alpha0", "fixed_version" : "7.0.21" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-ee01a2ced6.
#

include("compat.inc");

if (description)
{
  script_id(101745);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-9224", "CVE-2017-9225", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229");
  script_xref(name:"FEDORA", value:"2017-ee01a2ced6");

  script_name(english:"Fedora 26 : oniguruma (2017-ee01a2ced6)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security flaws were found on the previous version of
oniguruma. This new version should fix the issue. 

Fixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227
CVE-2017-9229 CVE-2017-9228

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ee01a2ced6"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected oniguruma package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:oniguruma");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC26", reference:"oniguruma-6.3.0-1.fc26")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-867.
#

include("compat.inc");

if (description)
{
  script_id(102181);
  script_version("3.4");
  script_cvs_date("Date: 2019/07/10 16:04:12");

  script_cve_id("CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229");
  script_xref(name:"ALAS", value:"2017-867");

  script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-867)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Out-of-bounds heap write in bitset_set_range() :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write occurs in bitset_set_range() during regular
expression compilation due to an uninitialized variable from an
incorrect state transition. An incorrect state transition in
parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index,
resulting in an out-of-bounds write memory corruption. (CVE-2017-9228)

Buffer over-read from unitialized data in gdImageCreateFromGifCtx
function

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in
the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and
7.x before 7.1.7, does not zero colorMap arrays before use. A
specially crafted GIF image could use the uninitialized tables to read
~700 bytes from the top of the stack, potentially disclosing sensitive
information. (CVE-2017-7890)

Invalid pointer dereference in left_adjust_char_head() :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV
occurs in left_adjust_char_head() during regular expression
compilation. Invalid handling of reg->dmax in forward_search_range()
could result in an invalid pointer dereference, normally as an
immediate denial-of-service condition. (CVE-2017-9229)

Heap buffer overflow in next_state_val() during regular expression
compilation :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write or read occurs in next_state_val() during regular
expression compilation. Octal numbers larger than 0xff are not handled
correctly in fetch_token() and fetch_token_in_cc(). A malformed
regular expression containing an octal number in the form of \\700
would produce an invalid code point value larger than 0xff in
next_state_val(), resulting in an out-of-bounds write memory
corruption.(CVE-2017-9226)

Out-of-bounds stack read in mbc_enc_len() during regular expression
searching :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in forward_search_range()
could result in an invalid pointer dereference, as an out-of-bounds
read from a stack buffer. (CVE-2017-9227)

Out-of-bounds stack read in match_at() during regular expression
searching :

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in match_at() during regular expression
searching. A logical error involving order of validation and access in
match_at() could result in an out-of-bounds read from a stack buffer.
(CVE-2017-9224)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-867.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update php70' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php70-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-cli-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-common-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dba-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-devel-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gd-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-imap-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-intl-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-json-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-process-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-recode-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-soap-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xml-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.21-1.23.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-zip-7.0.21-1.23.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-958-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(100478);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229");

  script_name(english:"Debian DLA-958-1 : libonig security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in match_at() during regular expression
searching. A logical error involving order of validation and access in
match_at() could result in an out-of-bounds read from a stack buffer.

CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write or read occurs in next_state_val() during regular
expression compilation. Octal numbers larger than 0xff are not handled
correctly in fetch_token() and fetch_token_in_cc(). A malformed
regular expression containing an octal number in the form of '\700'
would produce an invalid code point value larger than 0xff in
next_state_val(), resulting in an out-of-bounds write memory
corruption.

CVE-2017-9227

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in forward_search_range()
could result in an invalid pointer dereference, as an out-of-bounds
read from a stack buffer.

CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write occurs in bitset_set_range() during regular
expression compilation due to an uninitialized variable from an
incorrect state transition. An incorrect state transition in
parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index,
resulting in an out-of-bounds write memory corruption.

CVE-2017-9229

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod
in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV
occurs in left_adjust_char_head() during regular expression
compilation. Invalid handling of reg->dmax in
forward_search_range() could result in an invalid pointer dereference,
normally as an immediate denial of service condition.

For Debian 7 'Wheezy', these problems have been fixed in version
5.9.1-1+deb7u1.

We recommend that you upgrade your libonig packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2017/05/msg00029.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/libonig"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig2-dbg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"libonig-dev", reference:"5.9.1-1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libonig2", reference:"5.9.1-1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libonig2-dbg", reference:"5.9.1-1+deb7u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");