Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_4_APACHE2-MOD_PHP5-110907.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.055 Low
EPSS
Percentile
93.2%
The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id ‘$2a$’ for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to ‘$2x$’ in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details.
File uploads could potentially overwrite files owned by the user running php (CVE-2011-2202).
A long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268)
Incorrect implementation of the error_log function could crash php (CVE-2011-3267)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update apache2-mod_php5-5113.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75791);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3267", "CVE-2011-3268");
script_name(english:"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)");
script_summary(english:"Check for the apache2-mod_php5-5113 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The blowfish password hashing implementation did not properly handle
8-characters in passwords, which made it easier for attackers to crack
the hash (CVE-2011-2483). After this update existing hashes with id
'$2a$' for passwords that contain 8-bit characters will no longer be
compatible with newly generated hashes. Affected users will either
have to change their password to store a new hash or the id of the
existing hash has to be manually changed to '$2x$' in order to
activate a compat mode. Please see the description of the
CVE-2011-2483 glibc update for details.
File uploads could potentially overwrite files owned by the user
running php (CVE-2011-2202).
A long salt argument to the crypt function could cause a buffer
overflow (CVE-2011-3268)
Incorrect implementation of the error_log function could crash php
(CVE-2011-3267)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=699711"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=701491"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=709549"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=715640"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=715646"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2011-10/msg00015.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected apache2-mod_php5 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
script_set_attribute(attribute:"patch_publication_date", value:"2011/09/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.4", reference:"apache2-mod_php5-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"apache2-mod_php5-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-bcmath-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-bcmath-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-bz2-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-bz2-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-calendar-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-calendar-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-ctype-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-ctype-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-curl-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-curl-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-dba-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-dba-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-debugsource-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-devel-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-dom-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-dom-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-enchant-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-enchant-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-exif-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-exif-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-fastcgi-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-fastcgi-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-fileinfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-fileinfo-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-fpm-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-fpm-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-ftp-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-ftp-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-gd-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-gd-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-gettext-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-gettext-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-gmp-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-gmp-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-hash-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-hash-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-iconv-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-iconv-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-imap-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-imap-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-intl-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-intl-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-json-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-json-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-ldap-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-ldap-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-mbstring-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-mbstring-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-mcrypt-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-mcrypt-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-mysql-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-mysql-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-odbc-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-odbc-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-openssl-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-openssl-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pcntl-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pcntl-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pdo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pdo-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pear-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pgsql-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pgsql-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-phar-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-phar-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-posix-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-posix-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pspell-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-pspell-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-readline-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-readline-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-shmop-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-shmop-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-snmp-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-snmp-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-soap-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-soap-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sockets-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sockets-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sqlite-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sqlite-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-suhosin-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-suhosin-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sysvmsg-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sysvmsg-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sysvsem-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sysvsem-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sysvshm-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-sysvshm-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-tidy-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-tidy-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-tokenizer-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-tokenizer-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-wddx-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-wddx-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xmlreader-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xmlreader-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xmlrpc-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xmlrpc-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xmlwriter-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xmlwriter-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xsl-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-xsl-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-zip-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-zip-debuginfo-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-zlib-5.3.5-5.16.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"php5-zlib-debuginfo-5.3.5-5.16.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | php5-gd-debuginfo | p-cpe:/a:novell:opensuse:php5-gd-debuginfo |
| novell | opensuse | apache2-mod_php5 | p-cpe:/a:novell:opensuse:apache2-mod_php5 |
| novell | opensuse | apache2-mod_php5-debuginfo | p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo |
| novell | opensuse | php5 | p-cpe:/a:novell:opensuse:php5 |
| novell | opensuse | php5-bcmath | p-cpe:/a:novell:opensuse:php5-bcmath |
| novell | opensuse | php5-bcmath-debuginfo | p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo |
| novell | opensuse | php5-bz2 | p-cpe:/a:novell:opensuse:php5-bz2 |
| novell | opensuse | php5-bz2-debuginfo | p-cpe:/a:novell:opensuse:php5-bz2-debuginfo |
| novell | opensuse | php5-calendar | p-cpe:/a:novell:opensuse:php5-calendar |
| novell | opensuse | php5-calendar-debuginfo | p-cpe:/a:novell:opensuse:php5-calendar-debuginfo |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
bugzilla.novell.com/show_bug.cgi?id=699711
bugzilla.novell.com/show_bug.cgi?id=701491
bugzilla.novell.com/show_bug.cgi?id=709549
bugzilla.novell.com/show_bug.cgi?id=715640
bugzilla.novell.com/show_bug.cgi?id=715646
lists.opensuse.org/opensuse-updates/2011-10/msg00015.html
Related
nessus
nessus
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2011:165)
2011-11-04 00:00:00
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
2011-08-22 00:00:00
prion
prion
Buffer overflow
2011-08-25 18:55:00
Code injection
2011-08-25 18:55:00
Default credentials
2011-08-25 14:22:00
ubuntucve
ubuntucve
cvelist
cvelist
openvas
openvas
Mandriva Update for php MDVSA-2011:165 (php)
2011-11-08 00:00:00
PHP Multiple Vulnerabilities (Sep 2011) - Windows
2011-09-07 00:00:00
Mandriva Update for php MDVSA-2011:165 (php)
2011-11-08 00:00:00
nvd
nvd
cve
cve
securityvulns
securityvulns
PHP multiple security vulnerabilities
2011-10-12 00:00:00
[slackware-security] php (SSA:2011-237-01)
2011-08-27 00:00:00
PHP multiple security vulnerabilities
2011-08-27 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2011-08-18 00:00:00
ubuntu
ubuntu
PHP Vulnerabilities
2011-10-18 00:00:00
PostgreSQL vulnerability
2011-10-13 00:00:00
slackware
slackware
[slackware-security] php
2011-08-25 16:35:35
fedora
fedora
[SECURITY] Fedora 14 Update: maniadrive-1.2-32.fc14
2011-09-18 22:59:22
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16
2011-09-09 17:13:35
[SECURITY] Fedora 16 Update: php-5.3.8-1.fc16
2011-09-09 17:13:35
altlinux
altlinux
Security fix for the ALT Linux 8 package postgresql12 version 9.0.5-alt1
2011-10-11 00:00:00
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt5
2011-06-21 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.11.3-alt5
2011-06-21 00:00:00
debiancve
debiancve
CVE-2011-2483
2011-08-25 14:22:44
oraclelinux
oraclelinux
postgresql security update
2011-10-17 00:00:00
postgresql84 security update
2011-10-17 00:00:00
postgresql security update
2012-05-21 00:00:00
veracode
veracode
Arbitrary File Overwrite
2020-04-10 01:03:26
Brute-force Attack
2020-04-10 01:02:59
centos
centos
postgresql84 security update
2011-10-18 19:01:00
postgresql security update
2011-10-18 18:58:11
php53 security update
2011-11-03 03:59:22
redhat
redhat
(RHSA-2011:1377) Moderate: postgresql security update
2011-10-17 00:00:00
(RHSA-2011:1378) Moderate: postgresql84 security update
2011-10-17 00:00:00
(RHSA-2011:1423) Moderate: php53 and php security update
2011-11-02 00:00:00
debian
debian
[SECURITY] [DSA 2340-1] postgresql security update
2011-11-07 19:49:12
amazon
amazon
Medium: postgresql
2011-10-31 18:24:00
Important: php
2011-10-11 00:07:00
suse
suse
weak password hashing algorithm in glibc,pam-modules,libxcrypt,pwdutils
2011-08-23 15:21:03
osv
osv
postgresql - weak password hashing
2011-11-07 00:00:00
f5
f5
SOL13519 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
K13519 : Multiple PHP vulnerabilities
2013-09-20 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.055 Low
EPSS
Percentile
93.2%
Related for SUSE_11_4_APACHE2-MOD_PHP5-110907.NASL