Vulnerabilities > CVE-2019-11043 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
php
canonical
debian
CWE-787
critical
nessus
exploit available
metasploit
NVD
Published: 2019-10-28
Updated: 2023-11-07

Summary

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Vulnerable Configurations

Part Description Count
Application
Php
191
OS
Canonical
6
OS
Debian
2

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

descriptionThis module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certains Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs.). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file.
idMSF:EXPLOIT/MULTI/HTTP/PHP_FPM_RCE
last seen2020-06-12
modified2020-03-06
published2020-01-20
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/php_fpm_rce.rb
titlePHP-FPM Underflow RCE

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2546.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718) - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-09
    plugin id131820
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131820
    titleEulerOS 2.0 SP5 : php (EulerOS-SA-2019-2546)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(131820);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");

  script_cve_id(
    "CVE-2011-4718",
    "CVE-2019-11043"
  );
  script_bugtraq_id(
    61929
  );

  script_name(english:"EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2546)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :

  - Session fixation vulnerability in the Sessions
    subsystem in PHP before 5.5.2 allows remote attackers
    to hijack web sessions by specifying a session
    ID.(CVE-2011-4718)

  - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24
    and 7.3.x below 7.3.11 in certain configurations of FPM
    setup it is possible to cause FPM module to write past
    allocated buffers into the space reserved for FCGI
    protocol data, thus opening the possibility of remote
    code execution.(CVE-2019-11043)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2546
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02bff10d");
  script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["php-5.4.16-45.h21.eulerosv2r7",
        "php-cli-5.4.16-45.h21.eulerosv2r7",
        "php-common-5.4.16-45.h21.eulerosv2r7",
        "php-gd-5.4.16-45.h21.eulerosv2r7",
        "php-ldap-5.4.16-45.h21.eulerosv2r7",
        "php-mysql-5.4.16-45.h21.eulerosv2r7",
        "php-odbc-5.4.16-45.h21.eulerosv2r7",
        "php-pdo-5.4.16-45.h21.eulerosv2r7",
        "php-pgsql-5.4.16-45.h21.eulerosv2r7",
        "php-process-5.4.16-45.h21.eulerosv2r7",
        "php-recode-5.4.16-45.h21.eulerosv2r7",
        "php-soap-5.4.16-45.h21.eulerosv2r7",
        "php-xml-5.4.16-45.h21.eulerosv2r7",
        "php-xmlrpc-5.4.16-45.h21.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2457.NASL
    descriptionThis update for php7 fixes the following issues : Security issue fixed : - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2019-11-12
    plugin id130888
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130888
    titleopenSUSE Security Update : php7 (openSUSE-2019-2457)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-2457.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(130888);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-11043");

  script_name(english:"openSUSE Security Update : php7 (openSUSE-2019-2457)");
  script_summary(english:"Check for the openSUSE-2019-2457 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php7 fixes the following issues :

Security issue fixed :

  - CVE-2019-11043: Fixed possible remote code execution via
    env_path_info underflow in fpm_main.c (bsc#1154999).

This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154999"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php7 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-embed");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-embed-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sodium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sodium-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"apache2-mod_php7-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"apache2-mod_php7-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-bcmath-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-bcmath-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-bz2-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-bz2-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-calendar-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-calendar-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-ctype-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-ctype-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-curl-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-curl-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-dba-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-dba-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-debugsource-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-devel-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-dom-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-dom-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-embed-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-embed-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-enchant-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-enchant-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-exif-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-exif-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-fastcgi-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-fastcgi-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-fileinfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-fileinfo-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-firebird-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-firebird-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-fpm-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-fpm-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-ftp-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-ftp-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-gd-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-gd-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-gettext-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-gettext-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-gmp-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-gmp-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-iconv-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-iconv-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-intl-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-intl-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-json-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-json-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-ldap-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-ldap-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-mbstring-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-mbstring-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-mysql-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-mysql-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-odbc-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-odbc-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-opcache-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-opcache-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-openssl-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-openssl-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pcntl-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pcntl-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pdo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pdo-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pear-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pear-Archive_Tar-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pgsql-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-pgsql-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-phar-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-phar-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-posix-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-posix-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-readline-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-readline-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-shmop-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-shmop-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-snmp-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-snmp-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-soap-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-soap-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sockets-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sockets-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sodium-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sodium-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sqlite-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sqlite-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvmsg-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvmsg-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvsem-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvsem-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvshm-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvshm-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-test-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-tidy-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-tidy-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-tokenizer-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-tokenizer-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-wddx-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-wddx-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlreader-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlreader-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlrpc-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlrpc-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlwriter-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlwriter-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xsl-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-xsl-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-zip-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-zip-debuginfo-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-zlib-7.2.5-lp150.2.29.2") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"php7-zlib-debuginfo-7.2.5-lp150.2.29.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc");
}
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3736.NASL
    descriptionFrom Red Hat Security Advisory 2019:3736 : An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-11-25
    plugin id131271
    published2019-11-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131271
    titleOracle Linux 8 : php:7.3 (ELSA-2019-3736)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:3736 and 
# Oracle Linux Security Advisory ELSA-2019-3736 respectively.
#

include("compat.inc");

if (description)
{
  script_id(131271);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-11043");
  script_xref(name:"RHSA", value:"2019:3736");

  script_name(english:"Oracle Linux 8 : php:7.3 (ELSA-2019-3736)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2019:3736 :

An update for the php:7.3 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Server.

Security Fix(es) :

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009384.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected php:7.3 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:apcu-panel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-apcu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-apcu-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"apcu-panel-5.1.17-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libzip-1.5.2-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libzip-devel-1.5.2-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libzip-tools-1.5.2-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-bcmath-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-cli-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-common-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-dba-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-dbg-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-devel-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-embedded-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-enchant-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-fpm-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-gd-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-gmp-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-intl-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-json-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-ldap-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-mbstring-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-mysqlnd-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-odbc-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-opcache-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pdo-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pear-1.10.9-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pecl-apcu-5.1.17-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pecl-zip-1.15.4-1.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pgsql-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-process-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-recode-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-snmp-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-soap-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-xml-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-xmlrpc-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apcu-panel / libzip / libzip-devel / libzip-tools / php / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0522-1.NASL
    descriptionThis update for php5 fixes the following issues : Security issues fixed : CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-02
    plugin id134199
    published2020-03-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134199
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:0522-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(134199);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060");

  script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php5 fixes the following issues :

Security issues fixed :

CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail()
(bsc#1146360).

CVE-2019-11042: Fixed heap buffer over-read in
exif_process_user_comment() (bsc#1145095).

CVE-2019-11043: Fixed possible remote code execution via env_path_info
underflow in fpm_main.c (bsc#1154999).

CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class
that accepts filenames with embedded \0 bytes (bsc#1159923).

CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub
(bsc#1159924).

CVE-2019-11047: Fixed an information disclosure in exif_read_data
(bsc#1159922).

CVE-2019-11050: Fixed a buffer over-read in the EXIF extension
(bsc#1159927).

CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex
(bsc#1162629).

CVE-2020-7060: Fixed a global buffer-overflow in
mbfl_filt_conv_big5_wchar (bsc#1162632).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1145095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146360"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1154999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1159922"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1159923"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1159924"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1159927"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1161982"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1162629"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1162632"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11041/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11042/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11043/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11045/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11046/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11047/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11050/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2020-7059/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2020-7060/"
  );
  # https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e9a53cf"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
patch SUSE-SLE-SDK-12-SP4-2020-522=1

SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
SUSE-SLE-Module-Web-Scripting-12-2020-522=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-109.68.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-109.68.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5");
}
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3287.NASL
    descriptionFrom Red Hat Security Advisory 2019:3287 : An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-11-04
    plugin id130497
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130497
    titleOracle Linux 6 : php (ELSA-2019-3287)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:3287 and 
# Oracle Linux Security Advisory ELSA-2019-3287 respectively.
#

include("compat.inc");

if (description)
{
  script_id(130497);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-11043");
  script_xref(name:"RHSA", value:"2019:3287");

  script_name(english:"Oracle Linux 6 : php (ELSA-2019-3287)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2019:3287 :

An update for php is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Server.

Security Fix(es) :

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009315.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-zts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"php-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-bcmath-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-cli-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-common-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-dba-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-devel-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-embedded-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-enchant-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-fpm-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-gd-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-imap-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-intl-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-ldap-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-mbstring-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-mysql-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-odbc-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-pdo-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-pgsql-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-process-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-pspell-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-recode-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-snmp-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-soap-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-tidy-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-xml-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-xmlrpc-5.3.3-50.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"php-zts-5.3.3-50.el6_10")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc");
}
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1315.NASL
    descriptionIn PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)
    last seen2020-03-17
    modified2019-11-04
    plugin id130471
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130471
    titleAmazon Linux AMI : php71 / php72,php73,php56 (ALAS-2019-1315)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1315.
#

include("compat.inc");

if (description)
{
  script_id(130471);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-11043");
  script_xref(name:"ALAS", value:"2019-1315");

  script_name(english:"Amazon Linux AMI : php71 / php72,php73,php56 (ALAS-2019-1315)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below
7.3.11 in certain configurations of FPM setup it is possible to cause
FPM module to write past allocated buffers into the space reserved for
FCGI protocol data, thus opening the possibility of remote code
execution.(CVE-2019-11043)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2019-1315.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Run 'yum update php71' to update your system.

Run 'yum update php72' to update your system.

Run 'yum update php73' to update your system.

Run 'yum update php56' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php56-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-cli-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-common-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-dba-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-devel-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-gd-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-imap-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-intl-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-process-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-recode-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-soap-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-xml-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.40-1.143.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-bcmath-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-cli-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-common-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-dba-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-dbg-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-debuginfo-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-devel-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-embedded-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-enchant-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-fpm-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-gd-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-gmp-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-imap-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-intl-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-json-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-ldap-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-mbstring-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-mcrypt-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-mysqlnd-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-odbc-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-opcache-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pdo-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pdo-dblib-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pgsql-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-process-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pspell-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-recode-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-snmp-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-soap-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-tidy-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-xml-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-xmlrpc-7.1.33-1.43.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-bcmath-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-cli-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-common-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-dba-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-dbg-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-debuginfo-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-devel-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-embedded-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-enchant-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-fpm-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-gd-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-gmp-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-imap-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-intl-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-json-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-ldap-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-mbstring-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-mysqlnd-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-odbc-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-opcache-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pdo-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pdo-dblib-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pgsql-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-process-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pspell-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-recode-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-snmp-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-soap-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-tidy-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-xml-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-xmlrpc-7.2.24-1.18.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-bcmath-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-cli-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-common-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-dba-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-dbg-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-debuginfo-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-devel-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-embedded-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-enchant-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-fpm-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-gd-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-gmp-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-imap-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-intl-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-json-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-ldap-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-mbstring-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-mysqlnd-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-odbc-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-opcache-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-pdo-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-pdo-dblib-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-pgsql-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-process-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-pspell-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-recode-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-snmp-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-soap-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-tidy-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-xml-7.3.11-1.21.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php73-xmlrpc-7.3.11-1.21.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc");
}
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-187AE3128D.NASL
    description**PHP version 7.2.24** (24 Oct 2019) **Core:** - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) - Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif:** - Fixed bug php#78442 (
    last seen2020-03-17
    modified2019-11-04
    plugin id130476
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130476
    titleFedora 29 : php (2019-187ae3128d)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-187ae3128d.
#

include("compat.inc");

if (description)
{
  script_id(130476);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-11043");
  script_xref(name:"FEDORA", value:"2019-187ae3128d");

  script_name(english:"Fedora 29 : php (2019-187ae3128d)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"**PHP version 7.2.24** (24 Oct 2019)

**Core:**

  - Fixed bug php#78535 (auto_detect_line_endings value not
    parsed as bool). (bugreportuser)

  - Fixed bug php#78620 (Out of memory error). (cmb, Nikita)

**Exif:**

  - Fixed bug php#78442 ('Illegal component' on
    exif_read_data since PHP7) (Kalle)

**FPM:**

  - Fixed bug php#78599 (env_path_info underflow in
    fpm_main.c can lead to RCE). (**CVE-2019-11043**) (Jakub
    Zelenka)

**MBString:**

  - Fixed bug php#78579 (mb_decode_numericentity: args
    number inconsistency). (cmb)

  - Fixed bug php#78609 (mb_check_encoding() no longer
    supports stringable objects). (cmb)

**MySQLi:**

  - Fixed bug php#76809 (SSL settings aren't respected when
    persistent connections are used). (fabiomsouto)

**PDO_MySQL:**

  - Fixed bug php#78623 (Regression caused by 'SP call
    yields additional empty result set'). (cmb)

**Session:**

  - Fixed bug php#78624 (session_gc return value for user
    defined session handlers). (bshaffer)

**Standard:**

  - Fixed bug php#76342 (file_get_contents waits twice
    specified timeout). (Thomas Calvet)

  - Fixed bug php#78612 (strtr leaks memory when integer
    keys are used and the subject string shorter). (Nikita)

  - Fixed bug php#76859 (stream_get_line skips data if used
    with data-generating filter). (kkopachev)

**Zip:**

  - Fixed bug php#78641 (addGlob can modify given
    remove_path value). (cmb)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-187ae3128d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC29", reference:"php-7.2.24-1.fc29")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_HT210919.NASL
    descriptionThe remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.3, 10.13.x prior to 10.13.6, 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) - An arbitrary code exution vulnerability exists due to a misconfiguration. An authenticated, local attacker can exploit this to execute arbitrary code on the remote host. (CVE-2019-18634) - An arbitrary code exution vulnerability exists due to the ability to process a maliciously crafted image. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the remote host. (CVE-2020-3826 CVE-2020-3827 CVE-2020-3870 CVE-2020-3878) - A privilege escalation vulnerability exists in due to an out-of-bounds read issue. An unauthenticated, remote attacker can exploit this, to gain elevated access to the system. (CVE-2020-3829) - An arbitrary file write vulnerability exists in the handling of symlinks. A malicious program crafted by an attacker can exploit this to overwrite arbitrary files on the remote host. (CVE-2020-3830 CVE-2020-3835 CVE-2020-3855) - An information disclosure vulnerability exists in the access control handling of applications. A malicious application crafted by attacker can exploit this to disclose the kernel memory layout. (CVE-2020-3836) - An arbitrary code exution vulnerability exists due to a memory corruption issue. A malicious application crafted by a remote attacker may be able to execute arbitrary code with kernel privileges on the remote host. (CVE-2020-3837 CVE-2020-3842 CVE-2020-3871) - An arbitrary code exution vulnerability exists due to a permissions logic flaw. A malicious application crafted by a remote attacker may be able to execute arbitrary code with system privileges on the remote host. (CVE-2019-18634 CVE-2020-3854 CVE-2020-3845 CVE-2020-3853 CVE-2020-3857) - An information disclosure vulnerability exists in the input sanitization logic. A malicious application crafted by attacker can exploit this to read restricted memory. (CVE-2020-3839 CVE-2020-3847) - An arbitrary code exution vulnerability exists due to the loading of a maliciously crafted racoon configuration file. An authenticated, local attacker can exploit this to execute arbitrary code on the remote host. (CVE-2020-3840) - A denial of service (DoS) vulnerability exists due to a memory corruption issue. An unauthenticated, remote attacker can exploit this issue, via malicious input, to cause the system to crash, stop responding, or corrupt the kernel memory. (CVE-2020-3843) - An arbitrary code exution vulnerability exists due to either a buffer overflow or out-of-bounds read issue. An authenticated, local attacker can exploit this to execute arbitrary code on the remote host or cause an unexpected application to terminate. (CVE-2020-3846 CVE-2020-3848 CVE-2020-3849 CVE-2020-3850 CVE-2020-3877) - A memory corruption vulnerability exists due to a malicious crafted string. An unauthenticated, remote attacker can exploit this issue, via malicious input, to cause the corruption of the heap memory. (CVE-2020-3856) - An security bypass vulnerability exists in the handling of files from an attacker controlled NFS mount. A remote attacker with local access could search for and open a file from an attacker controlled NFS mount and bypass Gatekeeper Security features. (CVE-2020-3866) - An information disclosure vulnerability exists where an application can read restricted memory. A local, authorized attacker can exploit this to read restricted memory. (CVE-2020-3872 CVE-2020-3875) Note that Nessus has not tested for this issue but has instead relied only on the operating system
    last seen2020-06-12
    modified2020-02-07
    plugin id133531
    published2020-02-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133531
    titlemacOS 10.15.x < 10.15.3 / 10.14.x < 10.14.6 / 10.13.x < 10.13.6
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20191031_PHP_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)
    last seen2020-03-18
    modified2019-11-04
    plugin id130499
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130499
    titleScientific Linux Security Update : php on SL6.x i386/x86_64 (20191031)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2819-1.NASL
    descriptionThis update for php7 fixes the following issues : Security issue fixed : CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-10-31
    plugin id130421
    published2019-10-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130421
    titleSUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:2819-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0329.NASL
    descriptionAn update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es) : * golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276) * golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-21
    modified2020-02-05
    plugin id133478
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133478
    titleRHEL 8 : go-toolset:rhel8 (RHSA-2020:0329)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2809-1.NASL
    descriptionThis update for php7 fixes the following issues : Security issue fixed : CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-10-30
    plugin id130390
    published2019-10-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130390
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2019:2809-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3286.NASL
    descriptionFrom Red Hat Security Advisory 2019:3286 : An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-11-01
    plugin id130442
    published2019-11-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130442
    titleOracle Linux 7 : php (ELSA-2019-3286)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4552.NASL
    descriptionEmil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups.
    last seen2020-03-17
    modified2019-10-29
    plugin id130349
    published2019-10-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130349
    titleDebian DSA-4552-1 : php7.0 - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2649.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
    last seen2020-05-08
    modified2019-12-18
    plugin id132184
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132184
    titleEulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-7BB07C3B02.NASL
    description**PHP version 7.3.11** (24 Oct 2019) **Core:** - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) - Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif :** - Fixed bug php#78442 (
    last seen2020-03-17
    modified2019-11-04
    plugin id130482
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130482
    titleFedora 30 : php (2019-7bb07c3b02)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201910-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201910-01 (PHP: Arbitrary code execution) A underflow in env_path_info in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact : A remote attacker, by sending special crafted HTTP requests, could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : If patching is not feasible, the suggested workaround is to include checks to verify whether or not a file exists before passing to PHP.
    last seen2020-03-18
    modified2019-10-28
    plugin id130329
    published2019-10-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130329
    titleGLSA-201910-01 : PHP: Arbitrary code execution
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0018_PHP.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has php packages installed that are affected by a vulnerability: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-03-08
    plugin id134323
    published2020-03-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134323
    titleNewStart CGSL MAIN 4.05 : php Vulnerability (NS-SA-2020-0018)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3736.NASL
    descriptionAn update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-23
    modified2019-11-08
    plugin id130739
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130739
    titleRHEL 8 : php:7.3 (RHSA-2019:3736)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2019-3286.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2019-11-08
    plugin id130758
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130758
    titleVirtuozzo 7 : php / php-bcmath / php-cli / php-common / php-dba / etc (VZLSA-2019-3286)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20191031_PHP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)
    last seen2020-03-18
    modified2019-11-01
    plugin id130447
    published2019-11-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130447
    titleScientific Linux Security Update : php on SL7.x x86_64 (20191031)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-3287.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-17
    modified2019-11-04
    plugin id130474
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130474
    titleCentOS 6 : php (CESA-2019:3287)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2441.NASL
    descriptionThis update for php7 fixes the following issues : Security issue fixed : - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2019-11-06
    plugin id130580
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130580
    titleopenSUSE Security Update : php7 (openSUSE-2019-2441)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4553.NASL
    descriptionEmil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups.
    last seen2020-03-17
    modified2019-10-29
    plugin id130350
    published2019-10-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130350
    titleDebian DSA-4553-1 : php7.3 - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-4ADC49A476.NASL
    description**PHP version 7.3.11** (24 Oct 2019) **Core:** - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) - Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif :** - Fixed bug php#78442 (
    last seen2020-03-17
    modified2019-10-31
    plugin id130411
    published2019-10-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130411
    titleFedora 31 : php (2019-4adc49a476)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0001_PHP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has php packages installed that are affected by a vulnerability: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-01-20
    plugin id133087
    published2020-01-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133087
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : php Vulnerability (NS-SA-2020-0001)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1058.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.(CVE-2018-19935) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2020-01-13
    plugin id132812
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132812
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : php (EulerOS-SA-2020-1058)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-3286.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-17
    modified2019-11-04
    plugin id130473
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130473
    titleCentOS 7 : php (CESA-2019:3286)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3735.NASL
    descriptionAn update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-23
    modified2019-11-08
    plugin id130738
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130738
    titleRHEL 8 : php:7.2 (RHSA-2019:3735)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2295.NASL
    descriptionAccording to the version of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-27
    plugin id131361
    published2019-11-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131361
    titleEulerOS 2.0 SP8 : php (EulerOS-SA-2019-2295)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3286.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-11-01
    plugin id130445
    published2019-11-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130445
    titleRHEL 7 : php (RHSA-2019:3286)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0322.NASL
    descriptionAn update for the php:7.2 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-21
    modified2020-02-04
    plugin id133446
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133446
    titleRHEL 8 : php:7.2 (RHSA-2020:0322)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1970.NASL
    descriptionEmil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution. Instances are vulnerable depending on the web server configuration, in particular PATH_INFO handling. For a full list of preconditions, check: https://github.com/neex/phuip-fpizdam For Debian 8
    last seen2020-03-17
    modified2019-10-28
    plugin id130283
    published2019-10-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130283
    titleDebian DLA-1970-1 : php5 security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6A7C2AB000DD11EA83CE705A0F828759.NASL
    descriptionThe PHP project reports : The PHP development team announces the immediate availability of PHP 7.3.11. This is a security release which also contains several bug fixes. The PHP development team announces the immediate availability of PHP 7.2.24. This is a security release which also contains several bug fixes. The PHP development team announces the immediate availability of PHP 7.1.33. This is a security release which also contains several bug fixes.
    last seen2020-03-18
    modified2019-11-07
    plugin id130617
    published2019-11-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130617
    titleFreeBSD : php -- env_path_info underflow in fpm_main.c can lead to RCE (6a7c2ab0-00dd-11ea-83ce-705a0f828759)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2909-1.NASL
    descriptionThis update for php72 fixes the following issues : Security issue fixed : CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-11-07
    plugin id130621
    published2019-11-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130621
    titleSUSE SLES12 Security Update : php72 (SUSE-SU-2019:2909-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0214_PHP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has php packages installed that are affected by a vulnerability: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2019-12-02
    plugin id131418
    published2019-12-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131418
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : php Vulnerability (NS-SA-2019-0214)
  • NASL familyCGI abuses
    NASL idPHP_7_3_11.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is prior to 7.1.33, 7.2.x prior to 7.2.24, or 7.3.x prior to 7.3.11. It is, therefore, affected by a remote code execution vulnerability due to insufficient validation of user input. An unauthenticated, remote attacker can exploit this, by sending a specially crafted request, to cause the execution of arbitrary code by breaking the fastcgi_split_path_info directive.
    last seen2020-04-30
    modified2019-10-25
    plugin id130276
    published2019-10-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130276
    titlePHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability.
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4166-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-10-29
    plugin id130362
    published2019-10-29
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130362
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : php7.0, php7.2, php7.3 vulnerability (USN-4166-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1344.NASL
    descriptionIn PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)
    last seen2020-03-17
    modified2019-11-04
    plugin id130470
    published2019-11-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130470
    titleAmazon Linux 2 : php (ALAS-2019-1344)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2438.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
    last seen2020-05-08
    modified2019-12-04
    plugin id131592
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131592
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)
  • NASL familyCGI abuses
    NASL idPHP_7_4_0.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.4.x prior to 7.4.0. It is, therefore, affected by multiple vulnerabilities including a buffer overflow
    last seen2020-03-18
    modified2019-12-06
    plugin id131732
    published2019-12-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131732
    titlePHP 7.4.x < 7.4.0 Multiple Vulnerabilities.
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3287.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-11-01
    plugin id130446
    published2019-11-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130446
    titleRHEL 6 : php (RHSA-2019:3287)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3735.NASL
    descriptionFrom Red Hat Security Advisory 2019:3735 : An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-11-25
    plugin id131270
    published2019-11-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131270
    titleOracle Linux 8 : php:7.2 (ELSA-2019-3735)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/156642/php_fpm_rce.rb.txt
idPACKETSTORM:156642
last seen2020-03-06
published2020-03-05
reportercdelafuente-r7
sourcehttps://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
titlePHP-FPM 7.x Remote Code Execution

Redhat

advisories
  • bugzilla
    id1766378
    titleCVE-2019-11043 php: underflow in env_path_info in fpm_main.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentphp-snmp is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286001
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-pspell is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286003
          • commentphp-pspell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195026
        • AND
          • commentphp-mysqlnd is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286005
          • commentphp-mysqlnd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141013034
        • AND
          • commentphp-mbstring is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286007
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-intl is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286009
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-fpm is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286011
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-enchant is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286013
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-embedded is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286015
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-devel is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286017
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-dba is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286019
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-bcmath is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286021
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp-xmlrpc is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286023
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-xml is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286025
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-soap is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286027
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-recode is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286029
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-process is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286031
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-pgsql is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286033
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-pdo is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286035
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-odbc is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286037
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-mysql is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286039
          • commentphp-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195006
        • AND
          • commentphp-ldap is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286041
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-gd is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286043
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-common is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286045
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-cli is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286047
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp is earlier than 0:5.4.16-46.1.el7_7
            ovaloval:com.redhat.rhsa:tst:20193286049
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
    rhsa
    idRHSA-2019:3286
    released2019-10-31
    severityCritical
    titleRHSA-2019:3286: php security update (Critical)
  • bugzilla
    id1766378
    titleCVE-2019-11043 php: underflow in env_path_info in fpm_main.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentphp-process is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287001
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-mbstring is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287003
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-intl is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287005
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-imap is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287007
          • commentphp-imap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195040
        • AND
          • commentphp-fpm is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287009
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-enchant is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287011
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-embedded is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287013
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-devel is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287015
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-dba is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287017
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-bcmath is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287019
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp-zts is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287021
          • commentphp-zts is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195032
        • AND
          • commentphp-tidy is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287023
          • commentphp-tidy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195036
        • AND
          • commentphp-snmp is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287025
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-recode is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287027
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-pspell is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287029
          • commentphp-pspell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195026
        • AND
          • commentphp-xmlrpc is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287031
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-xml is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287033
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-soap is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287035
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-pgsql is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287037
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-pdo is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287039
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-odbc is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287041
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-mysql is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287043
          • commentphp-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195006
        • AND
          • commentphp-ldap is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287045
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-gd is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287047
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-common is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287049
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-cli is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287051
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp is earlier than 0:5.3.3-50.el6_10
            ovaloval:com.redhat.rhsa:tst:20193287053
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
    rhsa
    idRHSA-2019:3287
    released2019-10-31
    severityCritical
    titleRHSA-2019:3287: php security update (Critical)
  • bugzilla
    id1766378
    titleCVE-2019-11043 php: underflow in env_path_info in fpm_main.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • commentModule php:7.2 is enabled
        ovaloval:com.redhat.rhsa:tst:20193735079
      • OR
        • AND
          • commentphp-xmlrpc is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735001
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-xml is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735003
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-soap is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735005
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-snmp is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735007
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-recode is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735009
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-process is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735011
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-pgsql is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735013
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-pecl-zip-debugsource is earlier than 0:1.15.3-1.module+el8.1.0+3186+20164e6f
            ovaloval:com.redhat.rhsa:tst:20193735015
          • commentphp-pecl-zip-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735016
        • AND
          • commentphp-pecl-zip is earlier than 0:1.15.3-1.module+el8.1.0+3186+20164e6f
            ovaloval:com.redhat.rhsa:tst:20193735017
          • commentphp-pecl-zip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735018
        • AND
          • commentphp-pecl-apcu-devel is earlier than 0:5.1.12-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735019
          • commentphp-pecl-apcu-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735020
        • AND
          • commentphp-pecl-apcu-debugsource is earlier than 0:5.1.12-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735021
          • commentphp-pecl-apcu-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735022
        • AND
          • commentphp-pecl-apcu is earlier than 0:5.1.12-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735023
          • commentphp-pecl-apcu is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735024
        • AND
          • commentphp-pdo is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735025
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-opcache is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735027
          • commentphp-opcache is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735028
        • AND
          • commentphp-odbc is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735029
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-mysqlnd is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735031
          • commentphp-mysqlnd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141013034
        • AND
          • commentphp-mbstring is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735033
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-ldap is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735035
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-json is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735037
          • commentphp-json is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735038
        • AND
          • commentphp-intl is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735039
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-gmp is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735041
          • commentphp-gmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735042
        • AND
          • commentphp-gd is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735043
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-fpm is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735045
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-enchant is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735047
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-embedded is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735049
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-devel is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735051
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-debugsource is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735053
          • commentphp-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735054
        • AND
          • commentphp-dbg is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735055
          • commentphp-dbg is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735056
        • AND
          • commentphp-dba is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735057
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-common is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735059
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-cli is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735061
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp-bcmath is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735063
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp is earlier than 0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
            ovaloval:com.redhat.rhsa:tst:20193735065
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
        • AND
          • commentlibzip-tools is earlier than 0:1.5.1-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735067
          • commentlibzip-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735068
        • AND
          • commentlibzip-devel is earlier than 0:1.5.1-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735069
          • commentlibzip-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735070
        • AND
          • commentlibzip-debugsource is earlier than 0:1.5.1-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735071
          • commentlibzip-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735072
        • AND
          • commentlibzip is earlier than 0:1.5.1-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735073
          • commentlibzip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735074
        • AND
          • commentphp-pear is earlier than 1:1.10.5-9.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735075
          • commentphp-pear is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111741002
        • AND
          • commentapcu-panel is earlier than 0:5.1.12-2.module+el8.1.0+3202+af5476b9
            ovaloval:com.redhat.rhsa:tst:20193735077
          • commentapcu-panel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735078
    rhsa
    idRHSA-2019:3735
    released2019-11-06
    severityCritical
    titleRHSA-2019:3735: php:7.2 security update (Critical)
  • bugzilla
    id1766378
    titleCVE-2019-11043 php: underflow in env_path_info in fpm_main.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • commentModule php:7.3 is enabled
        ovaloval:com.redhat.rhsa:tst:20193736079
      • OR
        • AND
          • commentphp-xmlrpc is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736001
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-xml is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736003
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-soap is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736005
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-snmp is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736007
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-recode is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736009
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-process is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736011
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-pgsql is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736013
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-pecl-zip-debugsource is earlier than 0:1.15.4-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736015
          • commentphp-pecl-zip-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735016
        • AND
          • commentphp-pecl-zip is earlier than 0:1.15.4-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736017
          • commentphp-pecl-zip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735018
        • AND
          • commentphp-pecl-apcu-devel is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736019
          • commentphp-pecl-apcu-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735020
        • AND
          • commentphp-pecl-apcu-debugsource is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736021
          • commentphp-pecl-apcu-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735022
        • AND
          • commentphp-pecl-apcu is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736023
          • commentphp-pecl-apcu is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735024
        • AND
          • commentphp-pdo is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736025
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-opcache is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736027
          • commentphp-opcache is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735028
        • AND
          • commentphp-odbc is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736029
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-mysqlnd is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736031
          • commentphp-mysqlnd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141013034
        • AND
          • commentphp-mbstring is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736033
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-ldap is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736035
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-json is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736037
          • commentphp-json is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735038
        • AND
          • commentphp-intl is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736039
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-gmp is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736041
          • commentphp-gmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735042
        • AND
          • commentphp-gd is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736043
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-fpm is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736045
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-enchant is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736047
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-embedded is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736049
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-devel is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736051
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-debugsource is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736053
          • commentphp-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735054
        • AND
          • commentphp-dbg is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736055
          • commentphp-dbg is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735056
        • AND
          • commentphp-dba is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736057
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-common is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736059
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-cli is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736061
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp-bcmath is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736063
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp is earlier than 0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
            ovaloval:com.redhat.rhsa:tst:20193736065
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
        • AND
          • commentlibzip-tools is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736067
          • commentlibzip-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735068
        • AND
          • commentlibzip-devel is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736069
          • commentlibzip-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735070
        • AND
          • commentlibzip-debugsource is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736071
          • commentlibzip-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735072
        • AND
          • commentlibzip is earlier than 0:1.5.2-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736073
          • commentlibzip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735074
        • AND
          • commentphp-pear is earlier than 1:1.10.9-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736075
          • commentphp-pear is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111741002
        • AND
          • commentapcu-panel is earlier than 0:5.1.17-1.module+el8.1.0+3189+a1bff096
            ovaloval:com.redhat.rhsa:tst:20193736077
          • commentapcu-panel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193735078
    rhsa
    idRHSA-2019:3736
    released2019-11-06
    severityCritical
    titleRHSA-2019:3736: php:7.3 security update (Critical)
  • rhsa
    idRHSA-2019:3299
  • rhsa
    idRHSA-2019:3300
  • rhsa
    idRHSA-2019:3724
  • rhsa
    idRHSA-2020:0322
rpms
  • php-0:5.4.16-46.1.el7_7
  • php-bcmath-0:5.4.16-46.1.el7_7
  • php-cli-0:5.4.16-46.1.el7_7
  • php-common-0:5.4.16-46.1.el7_7
  • php-dba-0:5.4.16-46.1.el7_7
  • php-debuginfo-0:5.4.16-46.1.el7_7
  • php-devel-0:5.4.16-46.1.el7_7
  • php-embedded-0:5.4.16-46.1.el7_7
  • php-enchant-0:5.4.16-46.1.el7_7
  • php-fpm-0:5.4.16-46.1.el7_7
  • php-gd-0:5.4.16-46.1.el7_7
  • php-intl-0:5.4.16-46.1.el7_7
  • php-ldap-0:5.4.16-46.1.el7_7
  • php-mbstring-0:5.4.16-46.1.el7_7
  • php-mysql-0:5.4.16-46.1.el7_7
  • php-mysqlnd-0:5.4.16-46.1.el7_7
  • php-odbc-0:5.4.16-46.1.el7_7
  • php-pdo-0:5.4.16-46.1.el7_7
  • php-pgsql-0:5.4.16-46.1.el7_7
  • php-process-0:5.4.16-46.1.el7_7
  • php-pspell-0:5.4.16-46.1.el7_7
  • php-recode-0:5.4.16-46.1.el7_7
  • php-snmp-0:5.4.16-46.1.el7_7
  • php-soap-0:5.4.16-46.1.el7_7
  • php-xml-0:5.4.16-46.1.el7_7
  • php-xmlrpc-0:5.4.16-46.1.el7_7
  • php-0:5.3.3-50.el6_10
  • php-bcmath-0:5.3.3-50.el6_10
  • php-cli-0:5.3.3-50.el6_10
  • php-common-0:5.3.3-50.el6_10
  • php-dba-0:5.3.3-50.el6_10
  • php-debuginfo-0:5.3.3-50.el6_10
  • php-devel-0:5.3.3-50.el6_10
  • php-embedded-0:5.3.3-50.el6_10
  • php-enchant-0:5.3.3-50.el6_10
  • php-fpm-0:5.3.3-50.el6_10
  • php-gd-0:5.3.3-50.el6_10
  • php-imap-0:5.3.3-50.el6_10
  • php-intl-0:5.3.3-50.el6_10
  • php-ldap-0:5.3.3-50.el6_10
  • php-mbstring-0:5.3.3-50.el6_10
  • php-mysql-0:5.3.3-50.el6_10
  • php-odbc-0:5.3.3-50.el6_10
  • php-pdo-0:5.3.3-50.el6_10
  • php-pgsql-0:5.3.3-50.el6_10
  • php-process-0:5.3.3-50.el6_10
  • php-pspell-0:5.3.3-50.el6_10
  • php-recode-0:5.3.3-50.el6_10
  • php-snmp-0:5.3.3-50.el6_10
  • php-soap-0:5.3.3-50.el6_10
  • php-tidy-0:5.3.3-50.el6_10
  • php-xml-0:5.3.3-50.el6_10
  • php-xmlrpc-0:5.3.3-50.el6_10
  • php-zts-0:5.3.3-50.el6_10
  • rh-php72-php-0:7.2.24-1.el7
  • rh-php72-php-bcmath-0:7.2.24-1.el7
  • rh-php72-php-cli-0:7.2.24-1.el7
  • rh-php72-php-common-0:7.2.24-1.el7
  • rh-php72-php-dba-0:7.2.24-1.el7
  • rh-php72-php-dbg-0:7.2.24-1.el7
  • rh-php72-php-debuginfo-0:7.2.24-1.el7
  • rh-php72-php-devel-0:7.2.24-1.el7
  • rh-php72-php-embedded-0:7.2.24-1.el7
  • rh-php72-php-enchant-0:7.2.24-1.el7
  • rh-php72-php-fpm-0:7.2.24-1.el7
  • rh-php72-php-gd-0:7.2.24-1.el7
  • rh-php72-php-gmp-0:7.2.24-1.el7
  • rh-php72-php-intl-0:7.2.24-1.el7
  • rh-php72-php-json-0:7.2.24-1.el7
  • rh-php72-php-ldap-0:7.2.24-1.el7
  • rh-php72-php-mbstring-0:7.2.24-1.el7
  • rh-php72-php-mysqlnd-0:7.2.24-1.el7
  • rh-php72-php-odbc-0:7.2.24-1.el7
  • rh-php72-php-opcache-0:7.2.24-1.el7
  • rh-php72-php-pdo-0:7.2.24-1.el7
  • rh-php72-php-pgsql-0:7.2.24-1.el7
  • rh-php72-php-process-0:7.2.24-1.el7
  • rh-php72-php-pspell-0:7.2.24-1.el7
  • rh-php72-php-recode-0:7.2.24-1.el7
  • rh-php72-php-snmp-0:7.2.24-1.el7
  • rh-php72-php-soap-0:7.2.24-1.el7
  • rh-php72-php-xml-0:7.2.24-1.el7
  • rh-php72-php-xmlrpc-0:7.2.24-1.el7
  • rh-php72-php-zip-0:7.2.24-1.el7
  • rh-php71-php-0:7.1.30-2.el7
  • rh-php71-php-bcmath-0:7.1.30-2.el7
  • rh-php71-php-cli-0:7.1.30-2.el7
  • rh-php71-php-common-0:7.1.30-2.el7
  • rh-php71-php-dba-0:7.1.30-2.el7
  • rh-php71-php-dbg-0:7.1.30-2.el7
  • rh-php71-php-debuginfo-0:7.1.30-2.el7
  • rh-php71-php-devel-0:7.1.30-2.el7
  • rh-php71-php-embedded-0:7.1.30-2.el7
  • rh-php71-php-enchant-0:7.1.30-2.el7
  • rh-php71-php-fpm-0:7.1.30-2.el7
  • rh-php71-php-gd-0:7.1.30-2.el7
  • rh-php71-php-gmp-0:7.1.30-2.el7
  • rh-php71-php-intl-0:7.1.30-2.el7
  • rh-php71-php-json-0:7.1.30-2.el7
  • rh-php71-php-ldap-0:7.1.30-2.el7
  • rh-php71-php-mbstring-0:7.1.30-2.el7
  • rh-php71-php-mysqlnd-0:7.1.30-2.el7
  • rh-php71-php-odbc-0:7.1.30-2.el7
  • rh-php71-php-opcache-0:7.1.30-2.el7
  • rh-php71-php-pdo-0:7.1.30-2.el7
  • rh-php71-php-pgsql-0:7.1.30-2.el7
  • rh-php71-php-process-0:7.1.30-2.el7
  • rh-php71-php-pspell-0:7.1.30-2.el7
  • rh-php71-php-recode-0:7.1.30-2.el7
  • rh-php71-php-snmp-0:7.1.30-2.el7
  • rh-php71-php-soap-0:7.1.30-2.el7
  • rh-php71-php-xml-0:7.1.30-2.el7
  • rh-php71-php-xmlrpc-0:7.1.30-2.el7
  • rh-php71-php-zip-0:7.1.30-2.el7
  • rh-php70-php-0:7.0.27-2.el6
  • rh-php70-php-0:7.0.27-2.el7
  • rh-php70-php-bcmath-0:7.0.27-2.el6
  • rh-php70-php-bcmath-0:7.0.27-2.el7
  • rh-php70-php-cli-0:7.0.27-2.el6
  • rh-php70-php-cli-0:7.0.27-2.el7
  • rh-php70-php-common-0:7.0.27-2.el6
  • rh-php70-php-common-0:7.0.27-2.el7
  • rh-php70-php-dba-0:7.0.27-2.el6
  • rh-php70-php-dba-0:7.0.27-2.el7
  • rh-php70-php-dbg-0:7.0.27-2.el6
  • rh-php70-php-dbg-0:7.0.27-2.el7
  • rh-php70-php-debuginfo-0:7.0.27-2.el6
  • rh-php70-php-debuginfo-0:7.0.27-2.el7
  • rh-php70-php-devel-0:7.0.27-2.el6
  • rh-php70-php-devel-0:7.0.27-2.el7
  • rh-php70-php-embedded-0:7.0.27-2.el6
  • rh-php70-php-embedded-0:7.0.27-2.el7
  • rh-php70-php-enchant-0:7.0.27-2.el6
  • rh-php70-php-enchant-0:7.0.27-2.el7
  • rh-php70-php-fpm-0:7.0.27-2.el6
  • rh-php70-php-fpm-0:7.0.27-2.el7
  • rh-php70-php-gd-0:7.0.27-2.el6
  • rh-php70-php-gd-0:7.0.27-2.el7
  • rh-php70-php-gmp-0:7.0.27-2.el6
  • rh-php70-php-gmp-0:7.0.27-2.el7
  • rh-php70-php-imap-0:7.0.27-2.el6
  • rh-php70-php-intl-0:7.0.27-2.el6
  • rh-php70-php-intl-0:7.0.27-2.el7
  • rh-php70-php-json-0:7.0.27-2.el6
  • rh-php70-php-json-0:7.0.27-2.el7
  • rh-php70-php-ldap-0:7.0.27-2.el6
  • rh-php70-php-ldap-0:7.0.27-2.el7
  • rh-php70-php-mbstring-0:7.0.27-2.el6
  • rh-php70-php-mbstring-0:7.0.27-2.el7
  • rh-php70-php-mysqlnd-0:7.0.27-2.el6
  • rh-php70-php-mysqlnd-0:7.0.27-2.el7
  • rh-php70-php-odbc-0:7.0.27-2.el6
  • rh-php70-php-odbc-0:7.0.27-2.el7
  • rh-php70-php-opcache-0:7.0.27-2.el6
  • rh-php70-php-opcache-0:7.0.27-2.el7
  • rh-php70-php-pdo-0:7.0.27-2.el6
  • rh-php70-php-pdo-0:7.0.27-2.el7
  • rh-php70-php-pgsql-0:7.0.27-2.el6
  • rh-php70-php-pgsql-0:7.0.27-2.el7
  • rh-php70-php-process-0:7.0.27-2.el6
  • rh-php70-php-process-0:7.0.27-2.el7
  • rh-php70-php-pspell-0:7.0.27-2.el6
  • rh-php70-php-pspell-0:7.0.27-2.el7
  • rh-php70-php-recode-0:7.0.27-2.el6
  • rh-php70-php-recode-0:7.0.27-2.el7
  • rh-php70-php-snmp-0:7.0.27-2.el6
  • rh-php70-php-snmp-0:7.0.27-2.el7
  • rh-php70-php-soap-0:7.0.27-2.el6
  • rh-php70-php-soap-0:7.0.27-2.el7
  • rh-php70-php-tidy-0:7.0.27-2.el6
  • rh-php70-php-xml-0:7.0.27-2.el6
  • rh-php70-php-xml-0:7.0.27-2.el7
  • rh-php70-php-xmlrpc-0:7.0.27-2.el6
  • rh-php70-php-xmlrpc-0:7.0.27-2.el7
  • rh-php70-php-zip-0:7.0.27-2.el6
  • rh-php70-php-zip-0:7.0.27-2.el7
  • apcu-panel-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • libzip-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-debuginfo-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-debugsource-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-devel-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-tools-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • libzip-tools-debuginfo-0:1.5.1-2.module+el8.1.0+3202+af5476b9
  • php-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-bcmath-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-bcmath-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-cli-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-cli-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-common-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-common-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-dba-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-dba-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-dbg-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-dbg-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-debugsource-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-devel-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-embedded-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-embedded-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-enchant-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-enchant-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-fpm-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-fpm-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-gd-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-gd-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-gmp-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-gmp-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-intl-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-intl-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-json-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-json-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-ldap-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-ldap-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-mbstring-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-mbstring-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-mysqlnd-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-mysqlnd-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-odbc-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-odbc-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-opcache-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-opcache-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-pdo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-pdo-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-pear-1:1.10.5-9.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-debuginfo-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-debugsource-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-apcu-devel-0:5.1.12-2.module+el8.1.0+3202+af5476b9
  • php-pecl-zip-0:1.15.3-1.module+el8.1.0+3186+20164e6f
  • php-pecl-zip-debuginfo-0:1.15.3-1.module+el8.1.0+3186+20164e6f
  • php-pecl-zip-debugsource-0:1.15.3-1.module+el8.1.0+3186+20164e6f
  • php-pgsql-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-pgsql-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-process-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-process-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-recode-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-recode-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-snmp-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-snmp-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-soap-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-soap-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-xml-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-xml-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-xmlrpc-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • php-xmlrpc-debuginfo-0:7.2.11-4.module+el8.1.0+4555+f5cb8e18
  • apcu-panel-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • libzip-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-debuginfo-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-debugsource-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-devel-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-tools-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • libzip-tools-debuginfo-0:1.5.2-1.module+el8.1.0+3189+a1bff096
  • php-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-bcmath-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-bcmath-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-cli-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-cli-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-common-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-common-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-dba-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-dba-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-dbg-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-dbg-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-debugsource-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-devel-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-embedded-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-embedded-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-enchant-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-enchant-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-fpm-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-fpm-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-gd-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-gd-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-gmp-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-gmp-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-intl-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-intl-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-json-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-json-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-ldap-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-ldap-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-mbstring-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-mbstring-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-mysqlnd-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-mysqlnd-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-odbc-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-odbc-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-opcache-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-opcache-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-pdo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-pdo-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-pear-1:1.10.9-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-debuginfo-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-debugsource-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-apcu-devel-0:5.1.17-1.module+el8.1.0+3189+a1bff096
  • php-pecl-zip-0:1.15.4-1.module+el8.1.0+3189+a1bff096
  • php-pecl-zip-debuginfo-0:1.15.4-1.module+el8.1.0+3189+a1bff096
  • php-pecl-zip-debugsource-0:1.15.4-1.module+el8.1.0+3189+a1bff096
  • php-pgsql-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-pgsql-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-process-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-process-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-recode-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-recode-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-snmp-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-snmp-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-soap-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-soap-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-xml-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-xml-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-xmlrpc-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • php-xmlrpc-debuginfo-0:7.3.5-5.module+el8.1.0+4560+e0eee7d6
  • apcu-panel-0:5.1.12-1.module+el8+2561+1aca3413
  • libzip-0:1.5.1-1.module+el8+2561+1aca3413
  • libzip-debuginfo-0:1.5.1-1.module+el8+2561+1aca3413
  • libzip-debugsource-0:1.5.1-1.module+el8+2561+1aca3413
  • libzip-devel-0:1.5.1-1.module+el8+2561+1aca3413
  • libzip-tools-0:1.5.1-1.module+el8+2561+1aca3413
  • libzip-tools-debuginfo-0:1.5.1-1.module+el8+2561+1aca3413
  • php-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-bcmath-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-bcmath-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-cli-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-cli-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-common-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-common-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-dba-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-dba-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-dbg-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-dbg-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-debugsource-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-devel-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-embedded-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-embedded-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-enchant-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-enchant-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-fpm-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-fpm-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-gd-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-gd-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-gmp-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-gmp-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-intl-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-intl-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-json-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-json-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-ldap-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-ldap-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-mbstring-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-mbstring-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-mysqlnd-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-mysqlnd-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-odbc-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-odbc-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-opcache-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-opcache-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-pdo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-pdo-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-pear-1:1.10.5-8.module+el8+2561+1aca3413
  • php-pecl-apcu-0:5.1.12-1.module+el8+2561+1aca3413
  • php-pecl-apcu-debuginfo-0:5.1.12-1.module+el8+2561+1aca3413
  • php-pecl-apcu-debugsource-0:5.1.12-1.module+el8+2561+1aca3413
  • php-pecl-apcu-devel-0:5.1.12-1.module+el8+2561+1aca3413
  • php-pecl-zip-0:1.15.3-1.module+el8+2561+1aca3413
  • php-pecl-zip-debuginfo-0:1.15.3-1.module+el8+2561+1aca3413
  • php-pecl-zip-debugsource-0:1.15.3-1.module+el8+2561+1aca3413
  • php-pgsql-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-pgsql-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-process-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-process-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-recode-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-recode-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-snmp-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-snmp-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-soap-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-soap-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-xml-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-xml-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-xmlrpc-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65
  • php-xmlrpc-debuginfo-0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65

The Hacker News

idTHN:B9AD1A8C118DBF486256A5AD0D9ECBE6
last seen2019-10-27
modified2019-10-27
published2019-10-26
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/10/nginx-php-fpm-hacking.html
titleNew PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

Related news

References