Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2019-1147.NASL
HistoryJan 14, 2019 - 12:00 a.m.

Amazon Linux AMI : php56 / php70,php71,php72 (ALAS-2019-1147)

2019-01-1400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
98

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.(CVE-2018-19935)

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a ‘-oProxyCommand’ argument.(CVE-2018-19518)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1147.
#

include('compat.inc');

if (description)
{
  script_id(121132);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/27");

  script_cve_id("CVE-2018-19518", "CVE-2018-19935");
  script_xref(name:"ALAS", value:"2019-1147");

  script_name(english:"Amazon Linux AMI : php56 / php70,php71,php72 (ALAS-2019-1147)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via an empty string in the message argument to the
imap_mail function.(CVE-2018-19935)

University of Washington IMAP Toolkit 2007f on UNIX, as used in
imap_open() in PHP and other products, launches an rsh command (by
means of the imap_rimap function in c-client/imap4r1.c and the
tcp_aopen function in osdep/unix/tcp_unix.c) without preventing
argument injection, which might allow remote attackers to execute
arbitrary OS commands if the IMAP server name is untrusted input
(e.g., entered by a user of a web application) and if rsh has been
replaced by a program with different argument semantics. For example,
if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then
the attack can use an IMAP server name containing a '-oProxyCommand'
argument.(CVE-2018-19518)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2019-1147.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update php56' to update your system.

Run 'yum update php70' to update your system.

Run 'yum update php71' to update your system.

Run 'yum update php72' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19518");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'php imap_open Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo-dblib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php56-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-cli-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-common-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-dba-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-devel-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-gd-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-imap-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-intl-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-process-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-recode-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-soap-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-xml-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.39-1.141.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-cli-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-common-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dba-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-devel-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gd-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-imap-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-intl-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-json-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-process-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-recode-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-soap-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xml-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php70-zip-7.0.33-1.32.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-bcmath-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-cli-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-common-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-dba-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-dbg-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-debuginfo-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-devel-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-embedded-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-enchant-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-fpm-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-gd-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-gmp-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-imap-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-intl-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-json-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-ldap-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-mbstring-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-mcrypt-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-mysqlnd-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-odbc-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-opcache-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pdo-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pdo-dblib-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pgsql-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-process-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-pspell-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-recode-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-snmp-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-soap-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-tidy-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-xml-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php71-xmlrpc-7.1.25-1.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-bcmath-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-cli-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-common-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-dba-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-dbg-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-debuginfo-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-devel-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-embedded-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-enchant-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-fpm-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-gd-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-gmp-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-imap-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-intl-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-json-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-ldap-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-mbstring-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-mysqlnd-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-odbc-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-opcache-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pdo-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pdo-dblib-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pgsql-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-process-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-pspell-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-recode-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-snmp-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-soap-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-tidy-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-xml-7.2.13-1.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php72-xmlrpc-7.2.13-1.7.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc");
}
VendorProductVersionCPE
amazonlinuxphp56-imapp-cpe:/a:amazon:linux:php56-imap
amazonlinuxphp70-pdo-dblibp-cpe:/a:amazon:linux:php70-pdo-dblib
amazonlinuxphp56-opcachep-cpe:/a:amazon:linux:php56-opcache
amazonlinuxphp72-odbcp-cpe:/a:amazon:linux:php72-odbc
amazonlinuxphp70-imapp-cpe:/a:amazon:linux:php70-imap
amazonlinuxphp71-pdop-cpe:/a:amazon:linux:php71-pdo
amazonlinuxphp70-develp-cpe:/a:amazon:linux:php70-devel
amazonlinuxphp71-soapp-cpe:/a:amazon:linux:php71-soap
amazonlinuxphp71-pdo-dblibp-cpe:/a:amazon:linux:php71-pdo-dblib
amazonlinuxphp72-imapp-cpe:/a:amazon:linux:php72-imap
Rows per page:
1-10 of 1321

Related

nessus 39
fedora 13
f5 1
debian 4
openvas 37
amazon 1
osv 6
prion 2
ubuntucve 2
nvd 3
attackerkb 1
redhatcve 2
debiancve 2
cve 3
veracode 2
altlinux 3
alpinelinux 2
checkpoint_advisories 1
ibm 2
mageia 1
hackerone 1
ubuntu 1
suse 5
wallarmlab 1
exploitdb 1
cvelist 2
metasploit 1
gentoo 1
rosalinux 1
nessus
nessus
Debian DLA-1608-1 : php5 security update
2018-12-17 00:00:00
Fedora 29 : php (2018-7ebfe1e6f2)
2019-01-03 00:00:00
Fedora 28 : php (2018-dfe1f0bac6)
2019-01-03 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: php-7.2.13-2.fc29
2018-12-17 19:12:53
[SECURITY] Fedora 28 Update: php-7.2.13-2.fc28
2018-12-17 02:28:09
[SECURITY] Fedora 28 Update: php-7.2.16-1.fc28
2019-03-15 03:36:28
f5
f5
K03544225 : PHP vulnerabilities CVE-2018-19518 and CVE-2018-19935
2019-01-08 00:00:00
debian
debian
[SECURITY] [DLA 1608-1] php5 security update
2018-12-17 01:56:08
[SECURITY] [DLA 2866-1] uw-imap security update
2021-12-29 17:12:17
[SECURITY] [DLA 1700-1] uw-imap security update
2019-03-01 13:26:16
openvas
openvas
Fedora Update for php FEDORA-2018-7ebfe1e6f2
2019-05-07 00:00:00
Fedora Update for php FEDORA-2018-dfe1f0bac6
2018-12-18 00:00:00
Debian: Security Advisory (DLA-1608-1)
2018-12-17 00:00:00
amazon
amazon
Medium: php56, php70, php71, php72
2019-01-09 22:58:00
osv
osv
php5 - security update
2018-12-16 00:00:00
uw-imap - security update
2021-12-29 00:00:00
CVE-2018-19518
2018-11-25 10:29:00
prion
prion
Input validation
2018-11-25 10:29:00
Null pointer dereference
2018-12-07 09:29:00
ubuntucve
ubuntucve
CVE-2018-19935
2018-12-07 00:00:00
CVE-2018-19518
2018-11-25 00:00:00
nvd
nvd
CVE-2018-19935
2018-12-07 09:29:00
CVE-2018-19518
2018-11-25 10:29:00
CVE-2018-1000859
2018-12-06 17:15:08
attackerkb
attackerkb
CVE-2018-19518
2018-11-25 00:00:00
redhatcve
redhatcve
CVE-2018-19935
2020-03-30 14:17:07
CVE-2018-19518
2018-11-28 10:19:59
debiancve
debiancve
CVE-2018-19935
2018-12-07 09:29:00
CVE-2018-19518
2018-11-25 10:29:00
cve
cve
CVE-2018-19935
2018-12-07 09:29:00
CVE-2018-19518
2018-11-25 10:29:00
CVE-2018-1000859
2022-10-03 16:21:59
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:29:42
Remote Code Execution (RCE)
2020-09-21 06:25:14
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.0 version Jan.
2019-01-15 00:00:00
Security fix for the ALT Linux 8 package php7 version 7.2.14-alt1
2019-01-23 00:00:00
Security fix for the ALT Linux 10 package php8.1 version Jan.
2019-01-15 00:00:00
alpinelinux
alpinelinux
CVE-2018-19935
2018-12-07 09:29:00
CVE-2018-19518
2018-11-25 10:29:00
checkpoint_advisories
checkpoint_advisories
PHP IMAP imap_open Command Injection (CVE-2018-19518)
2022-11-17 00:00:00
ibm
ibm
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in PHP (CVE-2018-19518)
2020-01-08 21:42:21
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.
2023-12-07 22:45:07
mageia
mageia
Updated php packages fix security vulnerability
2018-12-20 23:17:27
hackerone
hackerone
Internet Bug Bounty: null pointer dereference in imap_mail
2018-12-06 03:30:36
ubuntu
ubuntu
UW IMAP vulnerability
2019-10-21 00:00:00
suse
suse
Recommended update for php5 (moderate)
2018-12-08 00:19:13
Recommended update for php7 (moderate)
2018-12-08 00:11:09
Security update for php7 (moderate)
2019-02-19 00:00:00
wallarmlab
wallarmlab
RCE in PHP or how to bypass disable_functions in PHP installations
2018-12-06 17:32:24
exploitdb
exploitdb
PHP imap_open - Remote Code Execution (Metasploit)
2018-11-29 00:00:00
cvelist
cvelist
CVE-2018-19518
2018-11-25 10:00:00
CVE-2018-19935
2018-12-07 09:00:00
metasploit
metasploit
php imap_open Remote Code Execution
2018-11-19 02:28:19
gentoo
gentoo
PHP: Multiple vulnerabilities
2020-03-26 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON
Related for ALA_ALAS-2019-1147.NASL
nessus39fedora13f51debian4openvas37amazon1osv6prion2ubuntucve2nvd3attackerkb1redhatcve2debiancve2cve3veracode2altlinux3alpinelinux2checkpoint_advisories1ibm2mageia1hackerone1ubuntu1suse5wallarmlab1exploitdb1cvelist2metasploit1gentoo1rosalinux1