Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_APACHE2-MOD_PHP5-110907.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.055 Low
EPSS
Percentile
93.2%
The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id ‘$2a$’ for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to ‘$2x$’ in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details.
File uploads could potentially overwrite files owned by the user running php (CVE-2011-2202).
A long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update apache2-mod_php5-5112.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75433);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3268");
script_name(english:"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)");
script_summary(english:"Check for the apache2-mod_php5-5112 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The blowfish password hashing implementation did not properly handle
8-characters in passwords, which made it easier for attackers to crack
the hash (CVE-2011-2483). After this update existing hashes with id
'$2a$' for passwords that contain 8-bit characters will no longer be
compatible with newly generated hashes. Affected users will either
have to change their password to store a new hash or the id of the
existing hash has to be manually changed to '$2x$' in order to
activate a compat mode. Please see the description of the
CVE-2011-2483 glibc update for details.
File uploads could potentially overwrite files owned by the user
running php (CVE-2011-2202).
A long salt argument to the crypt function could cause a buffer
overflow (CVE-2011-3268)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=699711"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=701491"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=709549"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=715646"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2011-10/msg00014.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected apache2-mod_php5 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
script_set_attribute(attribute:"patch_publication_date", value:"2011/09/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.3", reference:"apache2-mod_php5-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-bcmath-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-bz2-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-calendar-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-ctype-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-curl-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-dba-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-devel-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-dom-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-enchant-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-exif-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-fastcgi-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-fileinfo-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-ftp-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-gd-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-gettext-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-gmp-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-hash-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-iconv-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-imap-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-intl-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-json-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-ldap-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-mbstring-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-mcrypt-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-mysql-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-odbc-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-openssl-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-pcntl-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-pdo-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-pear-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-pgsql-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-phar-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-posix-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-pspell-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-readline-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-shmop-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-snmp-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-soap-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-sockets-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-sqlite-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-suhosin-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvmsg-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvsem-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-sysvshm-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-tidy-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-tokenizer-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-wddx-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlreader-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlrpc-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-xmlwriter-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-xsl-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-zip-5.3.3-0.21.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"php5-zlib-5.3.3-0.21.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | php5-curl | p-cpe:/a:novell:opensuse:php5-curl |
| novell | opensuse | php5-dba | p-cpe:/a:novell:opensuse:php5-dba |
| novell | opensuse | php5-devel | p-cpe:/a:novell:opensuse:php5-devel |
| novell | opensuse | php5-dom | p-cpe:/a:novell:opensuse:php5-dom |
| novell | opensuse | php5-enchant | p-cpe:/a:novell:opensuse:php5-enchant |
| novell | opensuse | php5-exif | p-cpe:/a:novell:opensuse:php5-exif |
| novell | opensuse | php5-fastcgi | p-cpe:/a:novell:opensuse:php5-fastcgi |
| novell | opensuse | php5-fileinfo | p-cpe:/a:novell:opensuse:php5-fileinfo |
| novell | opensuse | php5-ftp | p-cpe:/a:novell:opensuse:php5-ftp |
| novell | opensuse | php5-gd | p-cpe:/a:novell:opensuse:php5-gd |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
bugzilla.novell.com/show_bug.cgi?id=699711
bugzilla.novell.com/show_bug.cgi?id=701491
bugzilla.novell.com/show_bug.cgi?id=709549
bugzilla.novell.com/show_bug.cgi?id=715646
lists.opensuse.org/opensuse-updates/2011-10/msg00014.html
Related
nessus
nessus
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2011:165)
2011-11-04 00:00:00
prion
prion
Buffer overflow
2011-08-25 18:55:00
Default credentials
2011-08-25 14:22:00
Path traversal
2011-06-16 23:55:00
ubuntucve
ubuntucve
cvelist
cvelist
nvd
nvd
cve
cve
openvas
openvas
FreeBSD Ports: php5, php5-sockets
2011-09-21 00:00:00
Mandriva Update for php MDVSA-2011:165 (php)
2011-11-08 00:00:00
Slackware: Security Advisory (SSA:2011-237-01)
2012-09-10 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2011-08-18 00:00:00
slackware
slackware
[slackware-security] php
2011-08-25 16:35:35
securityvulns
securityvulns
[slackware-security] php (SSA:2011-237-01)
2011-08-27 00:00:00
PHP multiple security vulnerabilities
2011-08-27 00:00:00
PHP directory traversal
2011-07-06 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: maniadrive-1.2-32.fc14
2011-09-18 22:59:22
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16
2011-09-09 17:13:35
[SECURITY] Fedora 16 Update: php-5.3.8-1.fc16
2011-09-09 17:13:35
altlinux
altlinux
Security fix for the ALT Linux 8 package postgresql12 version 9.0.5-alt1
2011-10-11 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.11.3-alt5
2011-06-21 00:00:00
Security fix for the ALT Linux 8 package postgresql11 version 9.0.5-alt1
2011-10-11 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerability
2011-10-13 00:00:00
PHP Vulnerabilities
2011-10-18 00:00:00
debiancve
debiancve
CVE-2011-2483
2011-08-25 14:22:44
oraclelinux
oraclelinux
postgresql security update
2011-10-17 00:00:00
postgresql84 security update
2011-10-17 00:00:00
postgresql security update
2012-05-21 00:00:00
redhat
redhat
(RHSA-2011:1377) Moderate: postgresql security update
2011-10-17 00:00:00
(RHSA-2011:1378) Moderate: postgresql84 security update
2011-10-17 00:00:00
(RHSA-2011:1423) Moderate: php53 and php security update
2011-11-02 00:00:00
veracode
veracode
Brute-force Attack
2020-04-10 01:02:59
Arbitrary File Overwrite
2020-04-10 01:03:26
amazon
amazon
Medium: postgresql
2011-10-31 18:24:00
Important: php
2011-10-11 00:07:00
debian
debian
[SECURITY] [DSA 2340-1] postgresql security update
2011-11-07 19:49:12
suse
suse
weak password hashing algorithm in glibc,pam-modules,libxcrypt,pwdutils
2011-08-23 15:21:03
centos
centos
postgresql84 security update
2011-10-18 19:01:00
postgresql security update
2011-10-18 18:58:11
php53 security update
2011-11-03 03:59:22
osv
osv
postgresql - weak password hashing
2011-11-07 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.055 Low
EPSS
Percentile
93.2%
Related for SUSE_11_3_APACHE2-MOD_PHP5-110907.NASL