Vulnerabilities > CVE-2019-11035 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
php
canonical
netapp
redhat
opensuse
debian
CWE-125
critical
nessus

Summary

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyCGI abuses
    NASL idPHP_7_1_28.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.28. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer over-read condition exists in php_ifd_get32s in exif.c. - A heap-based buffer overflow condition exists in exif_iif_add_value in exif.c as a result of improperly checking input length.
    last seen2020-06-01
    modified2020-06-02
    plugin id123753
    published2019-04-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123753
    titlePHP 7.1.x < 7.1.28 Multiple vulnerabilities.
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123753);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/30 13:24:46");
    
      script_cve_id("CVE-2019-11034", "CVE-2019-11035");
      script_bugtraq_id(107794);
    
      script_name(english:"PHP 7.1.x < 7.1.28 Multiple vulnerabilities.");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by
     multiple vulnerabilities."
    );
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 7.1.x prior to 7.1.28. It is, therefore, affected by
    multiple vulnerabilities:
    
      - A heap-based buffer over-read condition exists in 
        php_ifd_get32s in exif.c.
    
      - A heap-based buffer overflow condition exists in 
        exif_iif_add_value in exif.c as a result of improperly
        checking input length."
    );
    
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.1.28");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 7.1.28 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11034");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('http.inc');
    include('webapp_func.inc');
    
    fix = '7.1.28';
    minver = '7.1.0alpha1';
    
    regexes = make_array(
      -3, 'alpha(\\d+)',
      -2, 'beta(\\d+)',
      -1, 'RC(\\d+)'
    );
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    ver = php["ver"];
    source = php["src"];
    backported = get_kb_item('www/php/' + port + '/' + ver + '/backported');
    
    if ((report_paranoia < 2) && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + ver + ' install');
    
    vulnerable = ver_compare(minver:minver, ver:ver, fix:fix, regexes:regexes);
    if (isnull(vulnerable)) exit(1, 'The version of PHP ' + ver + ' is not within the checked ranges.');
    if (vulnerable > -1) audit(AUDIT_LISTEN_NOT_VULN, 'PHP', port, ver);
    
    report =
    '\n  Version source    : ' + source +
    '\n  Installed version : ' + ver +
    '\n  Fixed version     : ' + fix +
    '\n';
    security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C2D1693B73CB11E9A1C7B499BAEBFEAF.NASL
    descriptionThe PHP project reports : Heap-buffer-overflow in php_ifd_get32s (CVE-2019-11034) Heap-buffer-overflow in exif_iif_add_value (CVE-2019-11035)
    last seen2020-06-01
    modified2020-06-02
    plugin id124789
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124789
    titleFreeBSD : PHP -- Multiple vulnerabilities in EXIF module (c2d1693b-73cb-11e9-a1c7-b499baebfeaf)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124789);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id("CVE-2019-11034", "CVE-2019-11035");
    
      script_name(english:"FreeBSD : PHP -- Multiple vulnerabilities in EXIF module (c2d1693b-73cb-11e9-a1c7-b499baebfeaf)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PHP project reports :
    
    Heap-buffer-overflow in php_ifd_get32s (CVE-2019-11034)
    
    Heap-buffer-overflow in exif_iif_add_value (CVE-2019-11035)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.php.net/ChangeLog-7.php"
      );
      # https://vuxml.freebsd.org/freebsd/c2d1693b-73cb-11e9-a1c7-b499baebfeaf.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1e2f0141"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php71-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php72-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php73-exif");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"php71-exif<7.1.28")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php72-exif<7.2.17")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"php73-exif<7.3.4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1503.NASL
    descriptionThis update for php5 fixes the following issues : Security issues fixed : - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-9637: Fixed a potential information disclosure in rename() (bsc#1128892). - CVE-2019-9675: Fixed a potential buffer overflow in phar_tar_writeheaders_int() (bsc#1128886). - CVE-2019-9638: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to value_len (bsc#1128889). - CVE-2019-9639: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to data_len (bsc#1128887). - CVE-2019-9640: Fixed an invalid Read in exif_process_SOFn() (bsc#1128883). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125700
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125700
    titleopenSUSE Security Update : php5 (openSUSE-2019-1503)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1503.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125700);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/13");
    
      script_cve_id("CVE-2019-11034", "CVE-2019-11035", "CVE-2019-11036", "CVE-2019-9637", "CVE-2019-9638", "CVE-2019-9639", "CVE-2019-9640", "CVE-2019-9675");
    
      script_name(english:"openSUSE Security Update : php5 (openSUSE-2019-1503)");
      script_summary(english:"Check for the openSUSE-2019-1503 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php5 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2019-11034: Fixed a heap-buffer overflow in
        php_ifd_get32si() (bsc#1132838).
    
      - CVE-2019-11035: Fixed a heap-buffer overflow in
        exif_iif_add_value() (bsc#1132837).
    
      - CVE-2019-9637: Fixed a potential information disclosure
        in rename() (bsc#1128892).
    
      - CVE-2019-9675: Fixed a potential buffer overflow in
        phar_tar_writeheaders_int() (bsc#1128886).
    
      - CVE-2019-9638: Fixed an uninitialized read in
        exif_process_IFD_in_MAKERNOTE() related to value_len
        (bsc#1128889).
    
      - CVE-2019-9639: Fixed an uninitialized read in
        exif_process_IFD_in_MAKERNOTE() related to data_len
        (bsc#1128887).
    
      - CVE-2019-9640: Fixed an invalid Read in
        exif_process_SOFn() (bsc#1128883).
    
      - CVE-2019-11036: Fixed buffer over-read in
        exif_process_IFD_TAG function leading to information
        disclosure (bsc#1134322).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128886"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134322"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9675");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-debugsource-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-devel-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-json-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-json-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pear-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-debuginfo-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-5.5.14-118.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-debuginfo-5.5.14-118.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1461-1.NASL
    descriptionThis update for php7 fixes the following issues : Security issues fixed : CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS server to make PHP misuse memcpy (bsc#1126827). CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Other issue addressed: Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). Enabled php7 testsuite (bsc#1119396). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125850
    published2019-06-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125850
    titleSUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:1461-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1461-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125850);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2018-19935", "CVE-2018-20783", "CVE-2019-11034", "CVE-2019-11035", "CVE-2019-11036", "CVE-2019-9020", "CVE-2019-9021", "CVE-2019-9022", "CVE-2019-9023", "CVE-2019-9024", "CVE-2019-9637", "CVE-2019-9638", "CVE-2019-9639", "CVE-2019-9640", "CVE-2019-9641", "CVE-2019-9675");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:1461-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php7 fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-9637: Fixed improper implementation of rename function and
    multiple invalid memory access in EXIF extension (bsc#1128892).
    
    CVE-2019-9675: Fixed improper implementation of rename function and
    multiple invalid memory access in EXIF extension (bsc#1128886).
    
    CVE-2019-9638: Fixed improper implementation of rename function and
    multiple invalid memory access in EXIF extension ((bsc#1128889).
    
    CVE-2019-9639: Fixed improper implementation of rename function and
    multiple invalid memory access in EXIF extension (bsc#1128887).
    
    CVE-2019-9640: Fixed improper implementation of rename function and
    multiple invalid memory access in EXIF extension (bsc#1128883).
    
    CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS
    server to make PHP misuse memcpy (bsc#1126827).
    
    CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which
    could allow to a hostile XMLRPC server to cause memory read outside
    the allocated areas (bsc#1126821).
    
    CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function
    (bsc#1126711).
    
    CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions
    which could allow an attacker to read allocated and unallocated memory
    when parsing a phar file (bsc#1127122).
    
    CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR
    reading functions which could allow an attacker to read allocated and
    unallocated memory when parsing a phar file (bsc#1126713).
    
    CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
    mbstring regular expression functions (bsc#1126823).
    
    CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension
    and improved insecure implementation of rename function (bsc#1128722).
    
    CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be
    triggered via an empty string in the message argument to imap_mail
    (bsc#1118832).
    
    CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
    (bsc#1132838).
    
    CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
    (bsc#1132837).
    
    CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG
    function leading to information disclosure (bsc#1134322).
    
    Other issue addressed: Deleted README.default_socket_timeout which is
    not needed anymore (bsc#1129032).
    
    Enabled php7 testsuite (bsc#1119396).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1118832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126823"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128886"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-19935/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20783/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11034/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11035/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11036/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9020/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9021/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9022/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9023/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9024/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9637/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9638/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9639/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9640/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9641/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9675/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191461-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?56a55ab6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-15-2019-1461=1
    
    SUSE Linux Enterprise Module for Packagehub Subpackages 15:zypper in
    -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1461=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-1461=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-embed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-embed-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sodium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-mod_php7-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-mod_php7-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-bcmath-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-bcmath-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-bz2-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-bz2-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-calendar-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-calendar-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-ctype-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-ctype-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-curl-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-curl-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-dba-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-dba-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-debugsource-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-devel-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-dom-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-dom-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-enchant-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-enchant-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-exif-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-exif-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-fastcgi-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-fastcgi-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-fileinfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-fileinfo-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-fpm-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-fpm-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-ftp-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-ftp-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-gd-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-gd-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-gettext-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-gettext-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-gmp-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-gmp-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-iconv-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-iconv-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-intl-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-intl-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-json-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-json-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-ldap-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-ldap-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-mbstring-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-mbstring-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-mysql-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-mysql-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-odbc-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-odbc-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-opcache-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-opcache-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-openssl-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-openssl-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-pcntl-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-pcntl-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-pdo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-pdo-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-pgsql-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-pgsql-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-phar-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-phar-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-posix-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-posix-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-shmop-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-shmop-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-snmp-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-snmp-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-soap-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-soap-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sockets-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sockets-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sodium-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sodium-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sqlite-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sqlite-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sysvmsg-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sysvmsg-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sysvsem-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sysvsem-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sysvshm-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sysvshm-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-tokenizer-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-tokenizer-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-wddx-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-wddx-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xmlreader-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xmlreader-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xmlrpc-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xmlrpc-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xmlwriter-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xmlwriter-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xsl-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-xsl-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-zip-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-zip-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-zlib-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-zlib-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-debugsource-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-embed-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-embed-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-debugsource-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-embed-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-embed-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-readline-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-readline-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sodium-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-sodium-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-tidy-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"php7-tidy-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-debugsource-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-embed-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-embed-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-debugsource-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-embed-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-embed-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-readline-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-readline-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-sodium-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-sodium-debuginfo-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-tidy-7.2.5-4.32.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"php7-tidy-debuginfo-7.2.5-4.32.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php7");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1501.NASL
    descriptionThis update for php7 fixes the following issues : Security issues fixed : - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125699
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125699
    titleopenSUSE Security Update : php7 (openSUSE-2019-1501)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1501.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125699);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/13");
    
      script_cve_id("CVE-2019-11034", "CVE-2019-11035", "CVE-2019-11036");
    
      script_name(english:"openSUSE Security Update : php7 (openSUSE-2019-1501)");
      script_summary(english:"Check for the openSUSE-2019-1501 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for php7 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2019-11034: Fixed a heap-buffer overflow in
        php_ifd_get32si() (bsc#1132838).
    
      - CVE-2019-11035: Fixed a heap-buffer overflow in
        exif_iif_add_value() (bsc#1132837).
    
      - CVE-2019-11036: Fixed buffer over-read in
        exif_process_IFD_TAG function leading to information
        disclosure (bsc#1134322).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134322"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php7 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php7-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php7-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-bcmath-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-bcmath-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-bz2-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-bz2-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-calendar-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-calendar-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-ctype-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-ctype-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-curl-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-curl-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-dba-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-dba-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-debugsource-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-devel-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-dom-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-dom-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-enchant-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-enchant-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-exif-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-exif-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-fastcgi-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-fastcgi-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-fileinfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-fileinfo-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-firebird-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-firebird-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-fpm-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-fpm-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-ftp-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-ftp-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-gd-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-gd-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-gettext-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-gettext-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-gmp-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-gmp-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-iconv-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-iconv-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-imap-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-imap-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-intl-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-intl-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-json-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-json-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-ldap-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-ldap-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-mbstring-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-mbstring-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-mcrypt-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-mcrypt-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-mysql-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-mysql-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-odbc-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-odbc-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-opcache-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-opcache-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-openssl-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-openssl-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pcntl-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pcntl-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pdo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pdo-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pear-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pear-Archive_Tar-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pgsql-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pgsql-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-phar-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-phar-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-posix-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-posix-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pspell-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-pspell-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-readline-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-readline-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-shmop-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-shmop-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-snmp-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-snmp-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-soap-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-soap-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sockets-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sockets-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sqlite-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sqlite-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvmsg-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvmsg-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvsem-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvsem-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvshm-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvshm-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-tidy-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-tidy-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-tokenizer-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-tokenizer-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-wddx-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-wddx-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlreader-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlreader-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlrpc-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlrpc-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlwriter-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlwriter-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xsl-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-xsl-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-zip-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-zip-debuginfo-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-zlib-7.0.7-61.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"php7-zlib-debuginfo-7.0.7-61.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_7_3_4.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.4. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer over-read condition exists in php_ifd_get32s in exif.c. - A heap-based buffer overflow condition exists in exif_iif_add_value in exif.c as a result of improperly checking input length.
    last seen2020-06-01
    modified2020-06-02
    plugin id123755
    published2019-04-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123755
    titlePHP 7.3.x < 7.3.4 Multiple vulnerabilities.
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123755);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/30 13:24:46");
    
      script_cve_id("CVE-2019-11034", "CVE-2019-11035");
      script_bugtraq_id(107794);
    
      script_name(english:"PHP 7.3.x < 7.3.4 Multiple vulnerabilities.");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by
     multiple vulnerabilities."
    );
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 7.3.x prior to 7.3.4. It is, therefore, affected by
    multiple vulnerabilities:
    
      - A heap-based buffer over-read condition exists in 
        php_ifd_get32s in exif.c.
    
      - A heap-based buffer overflow condition exists in 
        exif_iif_add_value in exif.c as a result of improperly
        checking input length."
    );
    
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.3.4");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 7.3.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11034");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('http.inc');
    include('webapp_func.inc');
    
    fix = '7.3.4';
    minver = '7.3.0alpha1';
    
    regexes = make_array(
      -3, 'alpha(\\d+)',
      -2, 'beta(\\d+)',
      -1, 'RC(\\d+)'
    );
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    ver = php["ver"];
    source = php["src"];
    backported = get_kb_item('www/php/' + port + '/' + ver + '/backported');
    
    if ((report_paranoia < 2) && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + ver + ' install');
    
    vulnerable = ver_compare(minver:minver, ver:ver, fix:fix, regexes:regexes);
    if (isnull(vulnerable)) exit(1, 'The version of PHP ' + ver + ' is not within the checked ranges.');
    if (vulnerable > -1) audit(AUDIT_LISTEN_NOT_VULN, 'PHP', port, ver);
    
    report =
    '\n  Version source    : ' + source +
    '\n  Installed version : ' + ver +
    '\n  Fixed version     : ' + fix +
    '\n';
    security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3953-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124275
    published2019-04-24
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124275
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : php7.0, php7.2 vulnerabilities (USN-3953-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3953-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124275);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/23");
    
      script_cve_id("CVE-2019-11034", "CVE-2019-11035");
      script_xref(name:"USN", value:"3953-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : php7.0, php7.2 vulnerabilities (USN-3953-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that PHP incorrectly handled certain exif tags in
    JPEG images. A remote attacker could use this issue to cause PHP to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3953-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.2-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.33-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cgi", pkgver:"7.0.33-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cli", pkgver:"7.0.33-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"php7.0-fpm", pkgver:"7.0.33-0ubuntu0.16.04.4")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libapache2-mod-php7.2", pkgver:"7.2.17-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"php7.2-cgi", pkgver:"7.2.17-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"php7.2-cli", pkgver:"7.2.17-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"php7.2-fpm", pkgver:"7.2.17-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"libapache2-mod-php7.2", pkgver:"7.2.17-0ubuntu0.18.10.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"php7.2-cgi", pkgver:"7.2.17-0ubuntu0.18.10.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"php7.2-cli", pkgver:"7.2.17-0ubuntu0.18.10.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"php7.2-fpm", pkgver:"7.2.17-0ubuntu0.18.10.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"libapache2-mod-php7.2", pkgver:"7.2.17-0ubuntu0.19.04.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"php7.2-cgi", pkgver:"7.2.17-0ubuntu0.19.04.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"php7.2-cli", pkgver:"7.2.17-0ubuntu0.19.04.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"php7.2-fpm", pkgver:"7.2.17-0ubuntu0.19.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php7.0 / libapache2-mod-php7.2 / php7.0-cgi / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1624.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1624 advisory. - php: Buffer over-read in PHAR reading functions (CVE-2018-20783) - php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034) - php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035) - php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036) - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039) - php: Buffer over-read in exif_read_data() (CVE-2019-11040) - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041) - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042) - php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020) - php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021) - php: memcpy with negative length via crafted DNS response (CVE-2019-9022) - php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023) - php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024) - php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637) - php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638, CVE-2019-9639) - php: Invalid read in exif_process_SOFn() (CVE-2019-9640) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-04-28
    plugin id136057
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136057
    titleRHEL 8 : php:7.2 (RHSA-2020:1624)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1624. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136057);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20");
    
      script_cve_id(
        "CVE-2018-20783",
        "CVE-2019-9020",
        "CVE-2019-9021",
        "CVE-2019-9022",
        "CVE-2019-9023",
        "CVE-2019-9024",
        "CVE-2019-9637",
        "CVE-2019-9638",
        "CVE-2019-9639",
        "CVE-2019-9640",
        "CVE-2019-11034",
        "CVE-2019-11035",
        "CVE-2019-11036",
        "CVE-2019-11039",
        "CVE-2019-11040",
        "CVE-2019-11041",
        "CVE-2019-11042"
      );
      script_bugtraq_id(
        107121,
        107154,
        107156,
        107379,
        107794,
        108177,
        108520,
        108525
      );
      script_xref(name:"RHSA", value:"2020:1624");
    
      script_name(english:"RHEL 8 : php:7.2 (RHSA-2020:1624)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1624 advisory.
    
      - php: Buffer over-read in PHAR reading functions
        (CVE-2018-20783)
    
      - php: Heap buffer overflow in function
        exif_process_IFD_TAG() (CVE-2019-11034)
    
      - php: Heap buffer overflow in function
        exif_iif_add_value() (CVE-2019-11035)
    
      - php: Buffer over-read in exif_process_IFD_TAG() leading
        to information disclosure (CVE-2019-11036)
    
      - php: Out-of-bounds read due to integer overflow in
        iconv_mime_decode_headers() (CVE-2019-11039)
    
      - php: Buffer over-read in exif_read_data()
        (CVE-2019-11040)
    
      - php: Heap buffer over-read in exif_scan_thumbnail()
        (CVE-2019-11041)
    
      - php: Heap buffer over-read in
        exif_process_user_comment() (CVE-2019-11042)
    
      - php: Invalid memory access in function xmlrpc_decode()
        (CVE-2019-9020)
    
      - php: Heap-based buffer over-read in PHAR reading
        functions (CVE-2019-9021)
    
      - php: memcpy with negative length via crafted DNS
        response (CVE-2019-9022)
    
      - php: Heap-based buffer over-read in mbstring regular
        expression functions (CVE-2019-9023)
    
      - php: Out-of-bounds read in base64_decode_xmlrpc in
        ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
    
      - php: File rename across filesystems may allow unwanted
        access during processing (CVE-2019-9637)
    
      - php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
        (CVE-2019-9638, CVE-2019-9639)
    
      - php: Invalid read in exif_process_SOFn() (CVE-2019-9640)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/190.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/266.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/665.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/665.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1624");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-20783");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11034");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11035");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11036");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11039");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11040");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11041");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11042");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9020");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9021");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9022");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9023");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9024");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9637");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9638");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9639");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9640");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1680545");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1685123");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1685132");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1685398");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1685404");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1685412");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1688897");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1688922");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1688934");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1688939");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1702246");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1702256");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1707299");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1724152");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1724154");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1739459");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1739465");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9023");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(119, 120, 122, 125, 190, 266, 665);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apcu-panel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libzip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libzip-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libzip-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libzip-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-zip-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    module_ver = get_kb_item('Host/RedHat/appstream/php');
    if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.2');
    if ('7.2' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);
    
    appstreams = {
        'php:7.2': [
          {'reference':'apcu-panel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'release':'8'},
          {'reference':'libzip-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'libzip-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},
          {'reference':'libzip-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},
          {'reference':'libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},
          {'reference':'libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},
          {'reference':'libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-common-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-common-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-common-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-json-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-json-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-json-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-pear-1.10.5-9.module+el8.1.0+3202+af5476b9', 'release':'8', 'epoch':'1'},
          {'reference':'php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-process-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-process-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-process-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'},
          {'reference':'php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'aarch64', 'release':'8'},
          {'reference':'php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'s390x', 'release':'8'},
          {'reference':'php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223', 'cpu':'x86_64', 'release':'8'}
        ],
    };
    
    flag = 0;
    appstreams_found = 0;
    foreach module (keys(appstreams)) {
      appstream = NULL;
      appstream_name = NULL;
      appstream_version = NULL;
      appstream_split = split(module, sep:':', keep:FALSE);
      if (!empty_or_null(appstream_split)) {
        appstream_name = appstream_split[0];
        appstream_version = appstream_split[1];
        appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name);
      }
      if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
        appstreams_found++;
        foreach package_array ( appstreams[module] ) {
          reference = NULL;
          release = NULL;
          sp = NULL;
          cpu = NULL;
          el_string = NULL;
          rpm_spec_vers_cmp = NULL;
          epoch = NULL;
          if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
          if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
          if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
          if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
          if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
          if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
          if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
          if (reference && release) {
            if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
          }
        }
      }
    }
    
    if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.2');
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-debugsource / etc');
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1705.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.(CVE-2019-11035) - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.(CVE-2019-11034) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126547
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126547
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1705)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126547);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id(
        "CVE-2019-11034",
        "CVE-2019-11035"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1705)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerabilities :
    
      - When processing certain files, PHP EXIF extension in
        versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and
        7.3.x below 7.3.4 can be caused to read past allocated
        buffer in exif_iif_add_value function. This may lead to
        information disclosure or crash.(CVE-2019-11035)
    
      - When processing certain files, PHP EXIF extension in
        versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and
        7.3.x below 7.3.4 can be caused to read past allocated
        buffer in exif_process_IFD_TAG function. This may lead
        to information disclosure or crash.(CVE-2019-11034)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1705
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3218da6e");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["php-5.4.16-45.h10",
            "php-cli-5.4.16-45.h10",
            "php-common-5.4.16-45.h10"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4529.NASL
    descriptionMultiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id129107
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129107
    titleDebian DSA-4529-1 : php7.0 - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1686.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.(CVE-2019-11034) - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.(CVE-2019-11035) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-02
    plugin id126427
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126427
    titleEulerOS 2.0 SP5 : php (EulerOS-SA-2019-1686)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1572.NASL
    descriptionThis update for php7 fixes the following issues : Security issues fixed : - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS server to make PHP misuse memcpy (bsc#1126827). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Other issue addressed : - Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). - Enabled php7 testsuite (bsc#1119396). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126034
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126034
    titleopenSUSE Security Update : php7 (openSUSE-2019-1572)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1360-1.NASL
    descriptionThis update for php72 fixes the following issues : Security issues fixed : CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Non-security issue fixed: Use system gd (bsc#1133714). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125471
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125471
    titleSUSE SLES12 Security Update : php72 (SUSE-SU-2019:1360-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1723.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.(CVE-2019-11034) - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.(CVE-2019-11035) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126851
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126851
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2019-1723)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1325-1.NASL
    descriptionThis update for php5 fixes the following issues : Security issues fixed : CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). CVE-2019-9637: Fixed a potential information disclosure in rename() (bsc#1128892). CVE-2019-9675: Fixed a potential buffer overflow in phar_tar_writeheaders_int() (bsc#1128886). CVE-2019-9638: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to value_len (bsc#1128889). CVE-2019-9639: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to data_len (bsc#1128887). CVE-2019-9640: Fixed an invalid Read in exif_process_SOFn() (bsc#1128883). CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125457
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125457
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2019:1325-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1803.NASL
    descriptionA read past allocated buffer vulnerability and two heap-buffer overflow vulnerabilites were discovered in the PHP5 programming language within the Exif image module. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125409
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125409
    titleDebian DLA-1803-1 : php5 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2043.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11040) - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042) - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041) - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867) - A flaw was found in the way the way PHP
    last seen2020-05-08
    modified2019-09-24
    plugin id129236
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129236
    titleEulerOS 2.0 SP3 : php (EulerOS-SA-2019-2043)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1225.NASL
    descriptionWhen processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. (CVE-2019-11035) When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11034) When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11036)
    last seen2020-06-01
    modified2020-06-02
    plugin id125904
    published2019-06-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125904
    titleAmazon Linux AMI : php71 / php72,php73 (ALAS-2019-1225)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1365-1.NASL
    descriptionThis update for php7 fixes the following issues : Security issues fixed : CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125538
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125538
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2019:1365-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1573.NASL
    descriptionThis update for php7 fixes the following issues : Security issues fixed : - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS server to make PHP misuse memcpy (bsc#1126827). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Other issue addressed : - Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). - Enabled php7 testsuite (bsc#1119396). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126035
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126035
    titleopenSUSE Security Update : php7 (openSUSE-2019-1573)
  • NASL familyCGI abuses
    NASL idPHP_7_2_17.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.17. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer over-read condition exists in php_ifd_get32s in exif.c. - A heap-based buffer overflow condition exists in exif_iif_add_value in exif.c as a result of improperly checking input length.
    last seen2020-06-01
    modified2020-06-02
    plugin id123754
    published2019-04-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123754
    titlePHP 7.2.x < 7.2.17 Multiple vulnerabilities.

Redhat

advisories
  • rhsa
    idRHSA-2019:2519
  • rhsa
    idRHSA-2019:3299
rpms
  • rh-php71-php-0:7.1.30-1.el7
  • rh-php71-php-bcmath-0:7.1.30-1.el7
  • rh-php71-php-cli-0:7.1.30-1.el7
  • rh-php71-php-common-0:7.1.30-1.el7
  • rh-php71-php-dba-0:7.1.30-1.el7
  • rh-php71-php-dbg-0:7.1.30-1.el7
  • rh-php71-php-debuginfo-0:7.1.30-1.el7
  • rh-php71-php-devel-0:7.1.30-1.el7
  • rh-php71-php-embedded-0:7.1.30-1.el7
  • rh-php71-php-enchant-0:7.1.30-1.el7
  • rh-php71-php-fpm-0:7.1.30-1.el7
  • rh-php71-php-gd-0:7.1.30-1.el7
  • rh-php71-php-gmp-0:7.1.30-1.el7
  • rh-php71-php-intl-0:7.1.30-1.el7
  • rh-php71-php-json-0:7.1.30-1.el7
  • rh-php71-php-ldap-0:7.1.30-1.el7
  • rh-php71-php-mbstring-0:7.1.30-1.el7
  • rh-php71-php-mysqlnd-0:7.1.30-1.el7
  • rh-php71-php-odbc-0:7.1.30-1.el7
  • rh-php71-php-opcache-0:7.1.30-1.el7
  • rh-php71-php-pdo-0:7.1.30-1.el7
  • rh-php71-php-pgsql-0:7.1.30-1.el7
  • rh-php71-php-process-0:7.1.30-1.el7
  • rh-php71-php-pspell-0:7.1.30-1.el7
  • rh-php71-php-recode-0:7.1.30-1.el7
  • rh-php71-php-snmp-0:7.1.30-1.el7
  • rh-php71-php-soap-0:7.1.30-1.el7
  • rh-php71-php-xml-0:7.1.30-1.el7
  • rh-php71-php-xmlrpc-0:7.1.30-1.el7
  • rh-php71-php-zip-0:7.1.30-1.el7
  • rh-php72-php-0:7.2.24-1.el7
  • rh-php72-php-bcmath-0:7.2.24-1.el7
  • rh-php72-php-cli-0:7.2.24-1.el7
  • rh-php72-php-common-0:7.2.24-1.el7
  • rh-php72-php-dba-0:7.2.24-1.el7
  • rh-php72-php-dbg-0:7.2.24-1.el7
  • rh-php72-php-debuginfo-0:7.2.24-1.el7
  • rh-php72-php-devel-0:7.2.24-1.el7
  • rh-php72-php-embedded-0:7.2.24-1.el7
  • rh-php72-php-enchant-0:7.2.24-1.el7
  • rh-php72-php-fpm-0:7.2.24-1.el7
  • rh-php72-php-gd-0:7.2.24-1.el7
  • rh-php72-php-gmp-0:7.2.24-1.el7
  • rh-php72-php-intl-0:7.2.24-1.el7
  • rh-php72-php-json-0:7.2.24-1.el7
  • rh-php72-php-ldap-0:7.2.24-1.el7
  • rh-php72-php-mbstring-0:7.2.24-1.el7
  • rh-php72-php-mysqlnd-0:7.2.24-1.el7
  • rh-php72-php-odbc-0:7.2.24-1.el7
  • rh-php72-php-opcache-0:7.2.24-1.el7
  • rh-php72-php-pdo-0:7.2.24-1.el7
  • rh-php72-php-pgsql-0:7.2.24-1.el7
  • rh-php72-php-process-0:7.2.24-1.el7
  • rh-php72-php-pspell-0:7.2.24-1.el7
  • rh-php72-php-recode-0:7.2.24-1.el7
  • rh-php72-php-snmp-0:7.2.24-1.el7
  • rh-php72-php-soap-0:7.2.24-1.el7
  • rh-php72-php-xml-0:7.2.24-1.el7
  • rh-php72-php-xmlrpc-0:7.2.24-1.el7
  • rh-php72-php-zip-0:7.2.24-1.el7
  • apcu-panel-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • libzip-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-debuginfo-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-debugsource-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-devel-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-tools-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-tools-debuginfo-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • php-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-bcmath-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-bcmath-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-cli-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-cli-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-common-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-common-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-dba-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-dba-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-dbg-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-dbg-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-debugsource-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-devel-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-embedded-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-embedded-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-enchant-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-enchant-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-fpm-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-fpm-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-gd-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-gd-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-gmp-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-gmp-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-intl-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-intl-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-json-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-json-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-ldap-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-ldap-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-mbstring-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-mbstring-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-mysqlnd-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-mysqlnd-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-odbc-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-odbc-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-opcache-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-opcache-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-pdo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-pdo-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-pear-1:1.10.5-9.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-debuginfo-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-debugsource-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-devel-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-zip-0:1.15.3-1.module+el8.1.0+3186+20164e6f
  • php-pecl-zip-debuginfo-0:1.15.3-1.module+el8.1.0+3186+20164e6f
  • php-pecl-zip-debugsource-0:1.15.3-1.module+el8.1.0+3186+20164e6f
  • php-pgsql-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-pgsql-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-process-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-process-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-recode-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-recode-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-snmp-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-snmp-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-soap-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-soap-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-xml-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-xml-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-xmlrpc-0:7.2.24-1.module+el8.2.0+4601+7c76a223
  • php-xmlrpc-debuginfo-0:7.2.24-1.module+el8.2.0+4601+7c76a223

References