Vulnerabilities > CVE-2020-7059 - Out-of-bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4279-1.NASL description It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-18 plugin id 133764 published 2020-02-18 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133764 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : php5, php7.0, php7.2, php7.3 vulnerabilities (USN-4279-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4279-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(133764); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20"); script_cve_id("CVE-2015-9253", "CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"USN", value:"4279-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : php5, php7.0, php7.2, php7.3 vulnerabilities (USN-4279-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4279-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7060"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.2-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.3-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.3-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.3-fpm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.33-0ubuntu0.16.04.11")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cgi", pkgver:"7.0.33-0ubuntu0.16.04.11")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cli", pkgver:"7.0.33-0ubuntu0.16.04.11")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"php7.0-fpm", pkgver:"7.0.33-0ubuntu0.16.04.11")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libapache2-mod-php7.2", pkgver:"7.2.24-0ubuntu0.18.04.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"php7.2-cgi", pkgver:"7.2.24-0ubuntu0.18.04.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"php7.2-cli", pkgver:"7.2.24-0ubuntu0.18.04.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"php7.2-fpm", pkgver:"7.2.24-0ubuntu0.18.04.3")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libapache2-mod-php7.3", pkgver:"7.3.11-0ubuntu0.19.10.3")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"php7.3-cgi", pkgver:"7.3.11-0ubuntu0.19.10.3")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"php7.3-cli", pkgver:"7.3.11-0ubuntu0.19.10.3")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"php7.3-fpm", pkgver:"7.3.11-0ubuntu0.19.10.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php5 / libapache2-mod-php7.0 / libapache2-mod-php7.2 / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0622-1.NASL description This update for php7 fixes the following issues : CVE-2020-7062: Fixed a NULL pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629). CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-10 plugin id 134365 published 2020-03-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134365 title SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:0622-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0622-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(134365); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063"); script_name(english:"SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:0622-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for php7 fixes the following issues : CVE-2020-7062: Fixed a NULL pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629). CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162629" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162632" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1165280" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1165289" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7059/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7060/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7062/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7063/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200622-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2eb108d0" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 15:zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-622=1 SUSE Linux Enterprise Server 15-LTSS:zypper in -t patch SUSE-SLE-Product-SLES-15-2020-622=1 SUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-622=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-622=1 SUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t patch SUSE-SLE-Product-HPC-15-2020-622=1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t patch SUSE-SLE-Product-HPC-15-2020-622=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-embed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-embed-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sodium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", reference:"apache2-mod_php7-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"apache2-mod_php7-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-bcmath-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-bcmath-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-bz2-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-bz2-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-calendar-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-calendar-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-ctype-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-ctype-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-curl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-curl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-dba-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-dba-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-debugsource-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-devel-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-dom-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-dom-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-enchant-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-enchant-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-exif-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-exif-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-fastcgi-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-fastcgi-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-fileinfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-fileinfo-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-fpm-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-fpm-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-ftp-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-ftp-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-gd-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-gd-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-gettext-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-gettext-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-gmp-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-gmp-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-iconv-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-iconv-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-intl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-intl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-json-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-json-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-ldap-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-ldap-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-mbstring-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-mbstring-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-mysql-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-mysql-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-odbc-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-odbc-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-opcache-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-opcache-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-openssl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-openssl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-pcntl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-pcntl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-pdo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-pdo-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-pgsql-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-pgsql-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-phar-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-phar-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-posix-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-posix-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-shmop-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-shmop-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-snmp-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-snmp-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-soap-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-soap-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sockets-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sockets-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sodium-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sodium-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sqlite-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sqlite-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sysvmsg-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sysvmsg-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sysvsem-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sysvsem-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sysvshm-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sysvshm-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-tokenizer-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-tokenizer-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-wddx-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-wddx-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xmlreader-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xmlreader-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xmlrpc-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xmlrpc-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xmlwriter-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xmlwriter-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xsl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-xsl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-zip-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-zip-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-zlib-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-zlib-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-debugsource-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-embed-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-embed-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-readline-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-readline-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sodium-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-sodium-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-tidy-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"php7-tidy-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"apache2-mod_php7-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"apache2-mod_php7-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-bcmath-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-bcmath-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-bz2-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-bz2-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-calendar-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-calendar-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-ctype-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-ctype-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-curl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-curl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-dba-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-dba-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-debugsource-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-devel-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-dom-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-dom-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-enchant-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-enchant-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-exif-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-exif-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-fastcgi-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-fastcgi-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-fileinfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-fileinfo-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-fpm-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-fpm-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-ftp-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-ftp-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-gd-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-gd-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-gettext-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-gettext-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-gmp-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-gmp-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-iconv-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-iconv-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-intl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-intl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-json-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-json-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-ldap-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-ldap-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-mbstring-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-mbstring-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-mysql-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-mysql-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-odbc-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-odbc-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-opcache-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-opcache-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-openssl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-openssl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-pcntl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-pcntl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-pdo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-pdo-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-pgsql-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-pgsql-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-phar-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-phar-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-posix-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-posix-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-shmop-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-shmop-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-snmp-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-snmp-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-soap-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-soap-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sockets-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sockets-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sodium-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sodium-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sqlite-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sqlite-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sysvmsg-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sysvmsg-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sysvsem-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sysvsem-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sysvshm-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-sysvshm-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-tokenizer-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-tokenizer-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-wddx-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-wddx-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xmlreader-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xmlreader-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xmlrpc-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xmlrpc-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xmlwriter-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xmlwriter-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xsl-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-xsl-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-zip-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-zip-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-zlib-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"php7-zlib-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-debugsource-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-embed-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-embed-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-readline-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-readline-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-sodium-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-sodium-debuginfo-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-tidy-7.2.5-4.52.4")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"php7-tidy-debuginfo-7.2.5-4.52.4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php7"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0522-1.NASL description This update for php5 fixes the following issues : Security issues fixed : CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-02 plugin id 134199 published 2020-03-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134199 title SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0522-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(134199); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"); script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues : Security issues fixed : CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145095" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146360" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1154999" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159922" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159923" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159924" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159927" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1161982" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162629" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162632" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11041/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11042/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11043/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11045/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11046/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11047/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11050/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7059/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7060/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7e9a53cf" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-522=1 SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-522=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/09"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-109.68.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1347.NASL description When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059) When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060) last seen 2020-03-17 modified 2020-02-28 plugin id 134120 published 2020-02-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134120 title Amazon Linux AMI : php73 (ALAS-2020-1347) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2020-1347. # include("compat.inc"); if (description) { script_id(134120); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/06"); script_cve_id("CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"ALAS", value:"2020-1347"); script_name(english:"Amazon Linux AMI : php73 (ALAS-2020-1347)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059) When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1347.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php73' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php73-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-bcmath-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-cli-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-common-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-dba-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-dbg-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-debuginfo-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-devel-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-embedded-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-enchant-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-fpm-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-gd-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-gmp-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-imap-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-intl-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-json-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-ldap-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-mbstring-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-mysqlnd-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-odbc-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-opcache-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pdo-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pdo-dblib-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pgsql-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-process-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pspell-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-recode-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-snmp-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-soap-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-tidy-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-xml-7.3.14-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-xmlrpc-7.3.14-1.23.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php73 / php73-bcmath / php73-cli / php73-common / php73-dba / etc"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1346.NASL description When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059) When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060) last seen 2020-03-17 modified 2020-02-28 plugin id 134119 published 2020-02-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134119 title Amazon Linux AMI : php72 (ALAS-2020-1346) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2020-1346. # include("compat.inc"); if (description) { script_id(134119); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/06"); script_cve_id("CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"ALAS", value:"2020-1346"); script_name(english:"Amazon Linux AMI : php72 (ALAS-2020-1346)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059) When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1346.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php72' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php72-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-bcmath-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-cli-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-common-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-dba-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-dbg-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-debuginfo-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-devel-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-embedded-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-enchant-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-fpm-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-gd-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-gmp-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-imap-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-intl-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-json-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-ldap-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-mbstring-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-mysqlnd-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-odbc-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-opcache-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pdo-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pdo-dblib-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pgsql-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-process-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pspell-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-recode-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-snmp-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-soap-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-tidy-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-xml-7.2.27-1.20.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-xmlrpc-7.2.27-1.20.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php72 / php72-bcmath / php72-cli / php72-common / php72-dba / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2020-DCA9810FD2.NASL description **PHP version 7.3.14** (23 Jan 2020) **Core** - Fixed bug php#78999 (Cycle leak when using function result as temporary). (Dmitry) **CURL:** - Fixed bug php#79033 (Curl timeout error with specific url and post). (cmb) **Date:** - Fixed bug php#79015 (undefined-behavior in php_date.c). (cmb) **DBA:** - Fixed bug php#78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached). (cmb) **Fileinfo:** - Fixed bug php#74170 (locale information change after mime_content_type). (Sergei Turchanov) **GD:** - Fixed bug php#78923 (Artifacts when convoluting image with transparency). (wilson chen) - Fixed bug php#79067 (gdTransformAffineCopy() may use uninitialized values). (cmb) - Fixed bug php#79068 (gdTransformAffineCopy() changes interpolation method). (cmb) **Libxml:** - Fixed bug php#79029 (Use After Free last seen 2020-06-01 modified 2020-06-02 plugin id 133430 published 2020-02-03 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133430 title Fedora 31 : php (2020-dca9810fd2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-dca9810fd2. # include("compat.inc"); if (description) { script_id(133430); script_version("1.4"); script_cvs_date("Date: 2020/02/14"); script_cve_id("CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"FEDORA", value:"2020-dca9810fd2"); script_name(english:"Fedora 31 : php (2020-dca9810fd2)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "**PHP version 7.3.14** (23 Jan 2020) **Core** - Fixed bug php#78999 (Cycle leak when using function result as temporary). (Dmitry) **CURL:** - Fixed bug php#79033 (Curl timeout error with specific url and post). (cmb) **Date:** - Fixed bug php#79015 (undefined-behavior in php_date.c). (cmb) **DBA:** - Fixed bug php#78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached). (cmb) **Fileinfo:** - Fixed bug php#74170 (locale information change after mime_content_type). (Sergei Turchanov) **GD:** - Fixed bug php#78923 (Artifacts when convoluting image with transparency). (wilson chen) - Fixed bug php#79067 (gdTransformAffineCopy() may use uninitialized values). (cmb) - Fixed bug php#79068 (gdTransformAffineCopy() changes interpolation method). (cmb) **Libxml:** - Fixed bug php#79029 (Use After Free's in XMLReader / XMLWriter). (Laruence) **Mbstring:** - Fixed bug php#79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060) (Nikita) **OPcache:** - Fixed bug php#79040 (Warning Opcode handlers are unusable due to ASLR). (cmb) **Pcntl:** - Fixed bug php#78402 (Converting null to string in error message is bad DX). (SATŌ Kentarō) **PDO_PgSQL:** - Fixed bug php#78983 (pdo_pgsql config.w32 cannot find libpq-fe.h). (SATŌ Kentarō) - Fixed bug php#78980 (pgsqlGetNotify() overlooks dead connection). (SATŌ Kentarō) - Fixed bug php#78982 (pdo_pgsql returns dead persistent connection). (SATŌ Kentarō) **Session:** - Fixed bug php#79091 (heap use-after-free in session_create_id()). (cmb, Nikita) **Shmop:** - Fixed bug php#78538 (shmop memory leak). (cmb) **Standard:** - Fixed bug php#79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb) - Fixed bug php#54298 (Using empty additional_headers adding extraneous CRLF). (cmb) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-dca9810fd2" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"php-7.3.14-1.fc31")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4628.NASL description Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names. last seen 2020-03-17 modified 2020-02-20 plugin id 133815 published 2020-02-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133815 title Debian DSA-4628-1 : php7.0 - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4628. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(133815); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"DSA", value:"4628"); script_name(english:"Debian DSA-4628-1 : php7.0 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/php7.0" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/php7.0" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4628" ); script_set_attribute( attribute:"solution", value: "Upgrade the php7.0 packages. For the oldstable distribution (stretch), these problems have been fixed in version 7.0.33-0+deb9u7." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/23"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"libapache2-mod-php7.0", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"libphp7.0-embed", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-bcmath", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-bz2", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-cgi", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-cli", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-common", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-curl", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-dba", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-dev", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-enchant", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-fpm", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-gd", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-gmp", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-imap", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-interbase", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-intl", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-json", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-ldap", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-mbstring", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-mcrypt", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-mysql", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-odbc", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-opcache", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-pgsql", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-phpdbg", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-pspell", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-readline", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-recode", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-snmp", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-soap", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-sqlite3", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-sybase", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-tidy", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-xml", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-xmlrpc", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-xsl", reference:"7.0.33-0+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"php7.0-zip", reference:"7.0.33-0+deb9u7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2124.NASL description Two issues have been found in php5, a server-side, HTML-embedded scripting language. Both issues are related to crafted data that could lead to reading after an allocated buffer and result in information disclosure or crash. For Debian 8 last seen 2020-03-17 modified 2020-03-02 plugin id 134175 published 2020-03-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134175 title Debian DLA-2124-1 : php5 security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-2124-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(134175); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/06"); script_cve_id("CVE-2020-7059", "CVE-2020-7060"); script_name(english:"Debian DLA-2124-1 : php5 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Two issues have been found in php5, a server-side, HTML-embedded scripting language. Both issues are related to crafted data that could lead to reading after an allocated buffer and result in information disclosure or crash. For Debian 8 'Jessie', these problems have been fixed in version 5.6.40+dfsg-0+deb8u9. We recommend that you upgrade your php5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/php5" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libphp5-embed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-interbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-phpdbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libapache2-mod-php5", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"libapache2-mod-php5filter", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"libphp5-embed", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php-pear", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-cgi", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-cli", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-common", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-curl", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-dbg", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-dev", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-enchant", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-fpm", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-gd", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-gmp", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-imap", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-interbase", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-intl", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-ldap", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-mcrypt", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-mysql", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-mysqlnd", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-odbc", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-pgsql", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-phpdbg", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-pspell", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-readline", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-recode", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-snmp", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-sqlite", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-sybase", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-tidy", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-xmlrpc", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (deb_check(release:"8.0", prefix:"php5-xsl", reference:"5.6.40+dfsg-0+deb8u9")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-57.NASL description The remote host is affected by the vulnerability described in GLSA-202003-57 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary shell commands, cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-04-30 modified 2020-03-27 plugin id 134965 published 2020-03-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134965 title GLSA-202003-57 : PHP: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202003-57. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(134965); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24"); script_cve_id("CVE-2018-19518", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7061", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"); script_xref(name:"GLSA", value:"202003-57"); script_name(english:"GLSA-202003-57 : PHP: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202003-57 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary shell commands, cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-57" ); script_set_attribute( attribute:"solution", value: "All PHP 7.2.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-7.2.29:7.2' All PHP 7.3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-7.3.16:7.3' All PHP 7.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-7.4.4:7.4'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19518"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'php imap_open Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/25"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 7.2.29", "ge 7.3.16", "ge 7.4.4"), vulnerable:make_list("lt 7.2.29", "lt 7.3.16", "lt 7.4.4"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4626.NASL description Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names. last seen 2020-03-17 modified 2020-02-18 plugin id 133733 published 2020-02-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133733 title Debian DSA-4626-1 : php7.3 - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4626. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(133733); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20"); script_cve_id("CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"DSA", value:"4626"); script_name(english:"Debian DSA-4626-1 : php7.3 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/php7.3" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/buster/php7.3" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4626" ); script_set_attribute( attribute:"solution", value: "Upgrade the php7.3 packages. For the stable distribution (buster), these problems have been fixed in version 7.3.14-1~deb10u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/23"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"10.0", prefix:"libapache2-mod-php7.3", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"libphp7.3-embed", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-bcmath", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-bz2", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-cgi", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-cli", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-common", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-curl", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-dba", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-dev", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-enchant", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-fpm", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-gd", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-gmp", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-imap", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-interbase", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-intl", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-json", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-ldap", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-mbstring", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-mysql", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-odbc", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-opcache", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-pgsql", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-phpdbg", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-pspell", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-readline", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-recode", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-snmp", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-soap", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-sqlite3", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-sybase", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-tidy", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-xml", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-xmlrpc", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-xsl", reference:"7.3.14-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"php7.3-zip", reference:"7.3.14-1~deb10u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2020-F9D2203F3B.NASL description **PHP version 7.3.14** (23 Jan 2020) **Core** - Fixed bug php#78999 (Cycle leak when using function result as temporary). (Dmitry) **CURL:** - Fixed bug php#79033 (Curl timeout error with specific url and post). (cmb) **Date:** - Fixed bug php#79015 (undefined-behavior in php_date.c). (cmb) **DBA:** - Fixed bug php#78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached). (cmb) **Fileinfo:** - Fixed bug php#74170 (locale information change after mime_content_type). (Sergei Turchanov) **GD:** - Fixed bug php#78923 (Artifacts when convoluting image with transparency). (wilson chen) - Fixed bug php#79067 (gdTransformAffineCopy() may use uninitialized values). (cmb) - Fixed bug php#79068 (gdTransformAffineCopy() changes interpolation method). (cmb) **Libxml:** - Fixed bug php#79029 (Use After Free last seen 2020-06-01 modified 2020-06-02 plugin id 133379 published 2020-01-31 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133379 title Fedora 30 : php (2020-f9d2203f3b) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-f9d2203f3b. # include("compat.inc"); if (description) { script_id(133379); script_version("1.4"); script_cvs_date("Date: 2020/02/14"); script_cve_id("CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"FEDORA", value:"2020-f9d2203f3b"); script_name(english:"Fedora 30 : php (2020-f9d2203f3b)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "**PHP version 7.3.14** (23 Jan 2020) **Core** - Fixed bug php#78999 (Cycle leak when using function result as temporary). (Dmitry) **CURL:** - Fixed bug php#79033 (Curl timeout error with specific url and post). (cmb) **Date:** - Fixed bug php#79015 (undefined-behavior in php_date.c). (cmb) **DBA:** - Fixed bug php#78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached). (cmb) **Fileinfo:** - Fixed bug php#74170 (locale information change after mime_content_type). (Sergei Turchanov) **GD:** - Fixed bug php#78923 (Artifacts when convoluting image with transparency). (wilson chen) - Fixed bug php#79067 (gdTransformAffineCopy() may use uninitialized values). (cmb) - Fixed bug php#79068 (gdTransformAffineCopy() changes interpolation method). (cmb) **Libxml:** - Fixed bug php#79029 (Use After Free's in XMLReader / XMLWriter). (Laruence) **Mbstring:** - Fixed bug php#79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060) (Nikita) **OPcache:** - Fixed bug php#79040 (Warning Opcode handlers are unusable due to ASLR). (cmb) **Pcntl:** - Fixed bug php#78402 (Converting null to string in error message is bad DX). (SATŌ Kentarō) **PDO_PgSQL:** - Fixed bug php#78983 (pdo_pgsql config.w32 cannot find libpq-fe.h). (SATŌ Kentarō) - Fixed bug php#78980 (pgsqlGetNotify() overlooks dead connection). (SATŌ Kentarō) - Fixed bug php#78982 (pdo_pgsql returns dead persistent connection). (SATŌ Kentarō) **Session:** - Fixed bug php#79091 (heap use-after-free in session_create_id()). (cmb, Nikita) **Shmop:** - Fixed bug php#78538 (shmop memory leak). (cmb) **Standard:** - Fixed bug php#79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb) - Fixed bug php#54298 (Using empty additional_headers adding extraneous CRLF). (cmb) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-f9d2203f3b" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"php-7.3.14-1.fc30")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-341.NASL description This update for php7 fixes the following issues : - CVE-2020-7062: Fixed a NULL pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). - CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629). - CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-19 modified 2020-03-16 plugin id 134618 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134618 title openSUSE Security Update : php7 (openSUSE-2020-341) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2020-341. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(134618); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18"); script_cve_id("CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063"); script_name(english:"openSUSE Security Update : php7 (openSUSE-2020-341)"); script_summary(english:"Check for the openSUSE-2020-341 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for php7 fixes the following issues : - CVE-2020-7062: Fixed a NULL pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). - CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629). - CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1162629" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1162632" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1165280" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1165289" ); script_set_attribute(attribute:"solution", value:"Update the affected php7 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-embed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-embed-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sodium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sodium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"apache2-mod_php7-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"apache2-mod_php7-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-bcmath-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-bcmath-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-bz2-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-bz2-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-calendar-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-calendar-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-ctype-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-ctype-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-curl-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-curl-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-dba-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-dba-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-debugsource-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-devel-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-dom-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-dom-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-embed-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-embed-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-enchant-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-enchant-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-exif-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-exif-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-fastcgi-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-fastcgi-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-fileinfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-fileinfo-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-firebird-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-firebird-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-fpm-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-fpm-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-ftp-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-ftp-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-gd-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-gd-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-gettext-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-gettext-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-gmp-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-gmp-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-iconv-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-iconv-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-intl-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-intl-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-json-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-json-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-ldap-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-ldap-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-mbstring-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-mbstring-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-mysql-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-mysql-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-odbc-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-odbc-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-opcache-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-opcache-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-openssl-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-openssl-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pcntl-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pcntl-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pdo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pdo-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pear-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pear-Archive_Tar-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pgsql-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-pgsql-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-phar-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-phar-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-posix-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-posix-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-readline-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-readline-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-shmop-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-shmop-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-snmp-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-snmp-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-soap-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-soap-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sockets-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sockets-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sodium-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sodium-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sqlite-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sqlite-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sysvmsg-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sysvmsg-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sysvsem-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sysvsem-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sysvshm-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-sysvshm-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-test-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-tidy-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-tidy-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-tokenizer-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-tokenizer-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-wddx-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-wddx-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xmlreader-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xmlreader-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xmlrpc-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xmlrpc-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xmlwriter-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xmlwriter-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xsl-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-xsl-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-zip-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-zip-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-zlib-7.2.5-lp151.6.22.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"php7-zlib-debuginfo-7.2.5-lp151.6.22.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0397-1.NASL description This update for php72 fixes the following issues : Security issues fixed : CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single last seen 2020-03-18 modified 2020-02-19 plugin id 133792 published 2020-02-19 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133792 title SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0397-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0397-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(133792); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2019-20433", "CVE-2020-7059", "CVE-2020-7060"); script_name(english:"SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0397-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for php72 fixes the following issues : Security issues fixed : CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1161982" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162629" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162632" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-20433/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7059/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7060/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200397-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a65ede57" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-397=1 SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-397=1 SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-397=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php72"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php72-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sodium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sodium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php72-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/27"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php72-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php72-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-bcmath-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-bcmath-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-bz2-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-bz2-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-calendar-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-calendar-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-ctype-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-ctype-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-curl-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-curl-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-dba-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-dba-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-debugsource-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-dom-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-dom-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-enchant-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-enchant-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-exif-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-exif-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-fastcgi-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-fastcgi-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-fileinfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-fileinfo-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-fpm-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-fpm-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-ftp-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-ftp-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-gd-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-gd-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-gettext-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-gettext-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-gmp-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-gmp-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-iconv-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-iconv-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-imap-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-imap-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-intl-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-intl-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-json-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-json-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-ldap-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-ldap-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-mbstring-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-mbstring-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-mysql-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-mysql-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-odbc-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-odbc-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-opcache-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-opcache-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-openssl-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-openssl-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pcntl-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pcntl-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pdo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pdo-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pgsql-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pgsql-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-phar-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-phar-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-posix-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-posix-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pspell-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-pspell-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-readline-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-readline-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-shmop-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-shmop-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-snmp-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-snmp-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-soap-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-soap-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sockets-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sockets-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sodium-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sodium-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sqlite-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sqlite-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sysvmsg-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sysvmsg-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sysvsem-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sysvsem-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sysvshm-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-sysvshm-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-tidy-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-tidy-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-tokenizer-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-tokenizer-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-wddx-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-wddx-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xmlreader-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xmlreader-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xmlrpc-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xmlrpc-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xmlwriter-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xmlwriter-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xsl-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-xsl-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-zip-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-zip-debuginfo-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-zlib-7.2.5-1.37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php72-zlib-debuginfo-7.2.5-1.37.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php72"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4279-2.NASL description USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details : It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-20 plugin id 133840 published 2020-02-20 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133840 title Ubuntu 16.04 LTS : php7.0 regression (USN-4279-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4279-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(133840); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2015-9253", "CVE-2020-7059", "CVE-2020-7060"); script_xref(name:"USN", value:"4279-2"); script_name(english:"Ubuntu 16.04 LTS : php7.0 regression (USN-4279-2)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details : It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4279-2/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7060"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"libapache2-mod-php7.0", pkgver:"7.0.33-0ubuntu0.16.04.12")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cgi", pkgver:"7.0.33-0ubuntu0.16.04.12")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"php7.0-cli", pkgver:"7.0.33-0ubuntu0.16.04.12")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"php7.0-fpm", pkgver:"7.0.33-0ubuntu0.16.04.12")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php7.0 / php7.0-cgi / php7.0-cli / php7.0-fpm"); }
NASL family CGI abuses NASL id PHP_7_4_2.NASL description According to its banner, the version of PHP running on the remote web server is either 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, or 7.4.x prior to 7.4.2. It is, therefore, affected by multiple vulnerabilities: - An buffer overflow on the mbfl_filt_conv_big5_wchar` function. An unauthenticated, remote attacker can exploit this to leading to the disclosure of information within memory locations and possibly allow for the execution of malicious code. (CVE-2020-7060) - An out-of-bounds READ error exists in the php_strip_tags_ex due to an input validation error. An unauthenticated, remote attacker can exploit this, leading to the disclosure of information within some memory locations. (CVE-2020-7059) last seen 2020-03-18 modified 2020-01-31 plugin id 133400 published 2020-01-31 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133400 title PHP 7.2.x < 7.2.27 / PHP 7.3.x < 7.3.14 / 7.4.x < 7.4.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133400); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/28"); script_cve_id("CVE-2020-7059", "CVE-2020-7060"); script_name(english:"PHP 7.2.x < 7.2.27 / PHP 7.3.x < 7.3.14 / 7.4.x < 7.4.2 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The version of PHP running on the remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP running on the remote web server is either 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, or 7.4.x prior to 7.4.2. It is, therefore, affected by multiple vulnerabilities: - An buffer overflow on the mbfl_filt_conv_big5_wchar` function. An unauthenticated, remote attacker can exploit this to leading to the disclosure of information within memory locations and possibly allow for the execution of malicious code. (CVE-2020-7060) - An out-of-bounds READ error exists in the php_strip_tags_ex due to an input validation error. An unauthenticated, remote attacker can exploit this, leading to the disclosure of information within some memory locations. (CVE-2020-7059)"); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.2.27"); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.3.14"); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.4.2"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 7.2.27, 7.3.14, 7.4.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7060"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/23"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/31"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP", "installed_sw/PHP", "Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include('http.inc'); include('vcf.inc'); include('audit.inc'); port = get_http_port(default:80, php:TRUE); app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE); backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported'); if ((report_paranoia < 2) && backported) audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install'); constraints = [ {'min_version':'7.2.0alpha1', 'fixed_version':'7.2.27'}, {'min_version':'7.3.0alpha1', 'fixed_version':'7.3.14'}, {'min_version':'7.4.0alpha1', 'fixed_version':'7.4.2'} ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
- https://bugs.php.net/bug.php?id=79099
- https://bugs.php.net/bug.php?id=79099
- https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html
- https://seclists.org/bugtraq/2020/Feb/27
- https://seclists.org/bugtraq/2020/Feb/27
- https://seclists.org/bugtraq/2020/Feb/31
- https://seclists.org/bugtraq/2020/Feb/31
- https://seclists.org/bugtraq/2021/Jan/3
- https://seclists.org/bugtraq/2021/Jan/3
- https://security.gentoo.org/glsa/202003-57
- https://security.gentoo.org/glsa/202003-57
- https://security.netapp.com/advisory/ntap-20200221-0002/
- https://security.netapp.com/advisory/ntap-20200221-0002/
- https://usn.ubuntu.com/4279-1/
- https://usn.ubuntu.com/4279-1/
- https://www.debian.org/security/2020/dsa-4626
- https://www.debian.org/security/2020/dsa-4626
- https://www.debian.org/security/2020/dsa-4628
- https://www.debian.org/security/2020/dsa-4628
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14