Source: nessus
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
File: FEDORA_2014-7765.NASL
History: Jul 01, 2014 - 12:00 a.m.

Fedora 20 : php-5.5.14-1.fc20 (2014-7765)

www.tenable.com

CVSS2: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.948 High (Percentile: 99.3%)

26 Jun 2014, PHP 5.5.14

Core :

  • Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)

  • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison)

  • Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi)

  • Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)

  • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser)

CLI server :

  • Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

Date :

  • Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam)

  • Fixed regression in fix for bug #67118 (constructor can’t be called twice). (Remi)

Fileinfo :

  • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)

  • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)

  • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)

  • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)

  • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

Intl :

  • Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)

  • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)). (Stas)

Network :

  • Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara)

OPCache :

  • Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)

OpenSSL :

  • Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler)

  • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). (Paul Oehler)

PDO-ODBC :

  • Fixed bug #50444 (PDO-ODBC changes for 64-bit).

SOAP :

  • Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

SPL :

  • Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)

  • Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)

  • Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)

  • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515) (Stefan Esser)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2014-7765.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76327);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_bugtraq_id(67837, 68007, 68120, 68237, 68238, 68239, 68241, 68243);
  script_xref(name:"FEDORA", value:"2014-7765");

  script_name(english:"Fedora 20 : php-5.5.14-1.fc20 (2014-7765)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"26 Jun 2014, PHP 5.5.14

Core :

  - Fixed BC break introduced by patch for bug #67072.
    (Anatol, Stas)

    - Fixed bug #66622 (Closures do not correctly capture
      the late bound class (static::) in some cases). (Levi
      Morrison)

    - Fixed bug #67390 (insecure temporary file use in the
      configure script). (CVE-2014-3981) (Remi)

    - Fixed bug #67399 (putenv with empty variable may lead
      to crash). (Stas)

    - Fixed bug #67498 (phpinfo() Type Confusion Information
      Leak Vulnerability). (Stefan Esser)

CLI server :

  - Fixed Bug #67406 (built-in web-server segfaults on
    startup). (Remi)

Date :

  - Fixed bug #67308 (Serialize of DateTime truncates
    fractions of second). (Adam)

    - Fixed regression in fix for bug #67118 (constructor
      can't be called twice). (Remi)

Fileinfo :

  - Fixed bug #67326 (fileinfo: cdf_read_short_sector
    insufficient boundary check). (CVE-2014-0207)

    - Fixed bug #67410 (fileinfo: mconvert incorrect
      handling of truncated pascal string size).
      (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)

    - Fixed bug #67411 (fileinfo: cdf_check_stream_offset
      insufficient boundary check). (CVE-2014-3479)
      (Francisco Alonso, Jan Kaluza, Remi)

    - Fixed bug #67412 (fileinfo: cdf_count_chain
      insufficient boundary check). (CVE-2014-3480)
      (Francisco Alonso, Jan Kaluza, Remi)

    - Fixed bug #67413 (fileinfo: cdf_read_property_info
      insufficient boundary check). (CVE-2014-3487)
      (Francisco Alonso, Jan Kaluza, Remi)

Intl :

  - Fixed bug #67349 (Locale::parseLocale Double Free).
    (Stas)

    - Fixed bug #67397 (Buffer overflow in
      locale_get_display_name and uloc_getDisplayName
      (libicu 4.8.1)). (Stas)

Network :

  - Fixed bug #67432 (Fix potential segfault in
    dns_get_record()). (CVE-2014-4049). (Sara)

OPCache :

  - Fixed issue #183 (TMP_VAR is not only used once).
    (Dmitry, Laruence)

OpenSSL :

  - Fixed bug #65698 (certificates validity parsing does not
    work past 2050). (Paul Oehler)

    - Fixed bug #66636 (openssl_x509_parse warning with
      V_ASN1_GENERALIZEDTIME). (Paul Oehler)

PDO-ODBC :

  - Fixed bug #50444 (PDO-ODBC changes for 64-bit).

SOAP :

  - Implemented FR #49898 (Add SoapClient::__getCookies()).
    (Boro Sitnikovski)

SPL :

  - Fixed bug #66127 (Segmentation fault with ArrayObject
    unset). (Stas)

    - Fixed bug #67359 (Segfault in
      recursiveDirectoryIterator). (Laruence)

    - Fixed bug #67360 (Missing element after
      ArrayObject::getIterator). (Adam)

    - Fixed bug #67492 (unserialize() SPL ArrayObject /
      SPLObjectStorage Type Confusion). (CVE-2014-3515)
      (Stefan Esser)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134876.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d807888f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"php-5.5.14-1.fc20")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

Vendor          Product   Version   CPE
fedoraproject   fedora    php       p-cpe:/a:fedoraproject:fedora:php
fedoraproject   fedora    20        cpe:/o:fedoraproject:fedora:20
