Lucene search
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_APACHE2-MOD_PHP5-7375.NASLHistoryApr 04, 2011 - 12:00 a.m.
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7375)
2011-04-0400:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.082
Percentile
94.4%
php5 was updated to fix several security issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(53285);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2010-4150", "CVE-2010-4645", "CVE-2010-4697", "CVE-2010-4698", "CVE-2010-4699", "CVE-2011-0708", "CVE-2011-0752", "CVE-2011-0753", "CVE-2011-0755");
script_name(english:"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7375)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 10 host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:"php5 was updated to fix several security issues."
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4150.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4645.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4697.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4698.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4699.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-0708.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-0752.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-0753.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-0755.html"
);
script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7375.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/07");
script_set_attribute(attribute:"patch_publication_date", value:"2011/03/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/04");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
flag = 0;
if (rpm_check(release:"SLES10", sp:3, reference:"apache2-mod_php5-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-bcmath-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-bz2-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-calendar-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ctype-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-curl-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-dba-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-dbase-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-devel-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-dom-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-exif-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-fastcgi-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ftp-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-gd-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-gettext-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-gmp-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-hash-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-iconv-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-imap-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-json-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ldap-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mbstring-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mcrypt-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mhash-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mysql-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ncurses-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-odbc-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-openssl-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pcntl-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pdo-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pear-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pgsql-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-posix-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pspell-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-shmop-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-snmp-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-soap-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sockets-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sqlite-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-suhosin-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvmsg-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvsem-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvshm-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-tokenizer-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-wddx-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-xmlreader-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-xmlrpc-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-xsl-5.2.14-0.14.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-zlib-5.2.14-0.14.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else exit(0, "The host is not affected.");
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0708
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0755
support.novell.com/security/cve/CVE-2010-4150.html
support.novell.com/security/cve/CVE-2010-4645.html
support.novell.com/security/cve/CVE-2010-4697.html
support.novell.com/security/cve/CVE-2010-4698.html
support.novell.com/security/cve/CVE-2010-4699.html
support.novell.com/security/cve/CVE-2011-0708.html
support.novell.com/security/cve/CVE-2011-0752.html
support.novell.com/security/cve/CVE-2011-0753.html
support.novell.com/security/cve/CVE-2011-0755.html
Related
nessus
nessus
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7393)
2011-12-13 00:00:00
SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4133)
2011-04-04 00:00:00
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0276-1)
2014-06-13 00:00:00
openvas
openvas
PHP 5.2 < 5.2.15 Multiple Vulnerabilities
2012-06-21 00:00:00
PHP Zend and GD Multiple Denial of Service Vulnerabilities
2011-02-01 00:00:00
PHP Multiple Security Bypass Vulnerabilities
2011-02-01 00:00:00
ubuntucve
ubuntucve
nvd
nvd
f5
f5
SOL13518 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
K12650 : PHP vulnerability CVE-2010-4645
2013-07-05 00:00:00
Multiple PHP vulnerabilities
2012-04-05 02:07:00
prion
prion
Design/Logic Flaw
2011-01-18 20:00:00
Stack overflow
2011-01-18 20:00:00
Design/Logic Flaw
2011-01-18 20:00:00
cve
cve
seebug
seebug
PHP ZendεΌζιζΎειη¨ε η ΄εζΌζ΄(CVE-2010-4697)
2012-04-12 00:00:00
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 14 Update: maniadrive-data-1.2-5.fc14
2011-01-21 22:58:10
[SECURITY] Fedora 13 Update: php-eaccelerator-0.9.6.1-4.fc13
2011-01-21 23:05:26
[SECURITY] Fedora 13 Update: maniadrive-1.2-26.fc13.1
2011-01-21 23:05:26
slackware
slackware
[slackware-security] php
2011-01-11 00:47:45
[slackware-security] php
2010-12-24 03:35:50
exploitdb
exploitdb
freebsd
freebsd
php -- multiple vulnerabilities
2011-01-06 00:00:00
php-imap -- Denial of Service
2010-12-13 00:00:00
php -- crash on crafted tag in exif
2011-03-20 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:239 ] php
2010-11-24 00:00:00
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
2011-10-12 00:00:00
[USN-1126-1] PHP vulnerabilities
2011-05-01 00:00:00
checkpoint_security
checkpoint_security
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:23
oraclelinux
oraclelinux
php53 security update
2011-02-03 00:00:00
php security update
2011-02-10 00:00:00
centos
centos
php53 security update
2011-04-14 23:48:18
redhat
redhat
(RHSA-2011:0196) Moderate: php53 security update
2011-02-03 00:00:00
(RHSA-2011:0195) Moderate: php security update
2011-02-03 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2011-04-29 00:00:00
PHP Regressions
2011-05-05 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.082
Percentile
94.4%
Related for SUSE_APACHE2-MOD_PHP5-7375.NASL