7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.582 Medium
EPSS
Percentile
97.7%
This update for php7 fixes the following security issues :
CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568)
CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570)
CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the ‘properties’ hash table of a serialized object may have lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. (bsc#1019547)
CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. (bsc#1019550)
CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
(bsc#1022255)
CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
(bsc#1022257)
CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
(bsc#1022260)
CVE-2016-10162: The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7 allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. (bsc#1022262)
CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263)
CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264)
CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265)
CVE-2016-9138: PHP mishandled property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. (bsc#1008026)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0534-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(119993);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2015-8876", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10166", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7478", "CVE-2016-7479", "CVE-2016-7480", "CVE-2016-9138", "CVE-2017-5340");
script_name(english:"SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for php7 fixes the following security issues :
- CVE-2016-7480: The SplObjectStorage unserialize
implementation in ext/spl/spl_observer.c in PHP did not
verify that a key is an object, which allowed remote
attackers to execute arbitrary code or cause a denial of
service (uninitialized memory access) via crafted
serialized data. (bsc#1019568)
- CVE-2017-5340: Zend/zend_hash.c in PHP mishandled
certain cases that require large array allocations,
which allowed remote attackers to execute arbitrary code
or cause a denial of service (integer overflow,
uninitialized memory access, and use of arbitrary
destructor function pointers) via crafted serialized
data. (bsc#1019570)
- CVE-2016-7479: In all versions of PHP 7, during the
unserialization process, resizing the 'properties' hash
table of a serialized object may have lead to
use-after-free. A remote attacker may exploit this bug
to gain arbitrary code execution. (bsc#1019547)
- CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed
remote attackers to cause a denial of service (infinite
loop) via a crafted Exception object in serialized data,
a related issue to CVE-2015-8876. (bsc#1019550)
- CVE-2016-10159: Integer overflow in the
phar_parse_pharfile function in ext/phar/phar.c in PHP
allowed remote attackers to cause a denial of service
(memory consumption or application crash) via a
truncated manifest entry in a PHAR archive.
(bsc#1022255)
- CVE-2016-10160: Off-by-one error in the
phar_parse_pharfile function in ext/phar/phar.c in PHP
allowed remote attackers to cause a denial of service
(memory corruption) or possibly execute arbitrary code
via a crafted PHAR archive with an alias mismatch.
(bsc#1022257)
- CVE-2016-10161: The object_common1 function in
ext/standard/var_unserializer.c in PHP allowed remote
attackers to cause a denial of service (buffer over-read
and application crash) via crafted serialized data that
is mishandled in a finish_nested_data call.
(bsc#1022260)
- CVE-2016-10162: The php_wddx_pop_element function in
ext/wddx/wddx.c in PHP 7 allowed remote attackers to
cause a denial of service (NULL pointer dereference and
application crash) via an inapplicable class name in a
wddxPacket XML document, leading to mishandling in a
wddx_deserialize call. (bsc#1022262)
- CVE-2016-10166: A potential unsigned underflow in gd
interpolation functions could lead to memory corruption
in the PHP gd module (bsc#1022263)
- CVE-2016-10167: A denial of service problem in
gdImageCreateFromGd2Ctx() could lead to php out of
memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the gd
module could lead to memory corruption (bsc#1022265)
- CVE-2016-9138: PHP mishandled property modification
during __wakeup processing, which allows remote
attackers to cause a denial of service or possibly have
unspecified other impact via crafted serialized data, as
demonstrated by Exception::__toString with
DateInterval::__wakeup. (bsc#1008026)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1008026"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1019547"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1019550"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1019568"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1019570"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022219"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022255"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022257"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022260"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022262"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022263"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022264"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1022265"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10158/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10159/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10160/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10161/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10162/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10166/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10167/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10168/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7478/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7479/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7480/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-9138/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5340/"
);
# https://www.suse.com/support/update/announcement/2017/suse-su-20170534-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?f193c1ba"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-277=1
SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
patch SUSE-SLE-SDK-12-SP1-2017-277=1
SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
SUSE-SLE-Module-Web-Scripting-12-2017-277=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/22");
script_set_attribute(attribute:"patch_publication_date", value:"2017/02/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debugsource-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-debuginfo-7.0.7-35.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php7");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | apache2-mod_php7 | p-cpe:/a:novell:suse_linux:apache2-mod_php7 |
novell | suse_linux | apache2-mod_php7-debuginfo | p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo |
novell | suse_linux | php7 | p-cpe:/a:novell:suse_linux:php7 |
novell | suse_linux | php7-bcmath | p-cpe:/a:novell:suse_linux:php7-bcmath |
novell | suse_linux | php7-bcmath-debuginfo | p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo |
novell | suse_linux | php7-bz2 | p-cpe:/a:novell:suse_linux:php7-bz2 |
novell | suse_linux | php7-bz2-debuginfo | p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo |
novell | suse_linux | php7-calendar | p-cpe:/a:novell:suse_linux:php7-calendar |
novell | suse_linux | php7-calendar-debuginfo | p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo |
novell | suse_linux | php7-ctype | p-cpe:/a:novell:suse_linux:php7-ctype |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5340
www.nessus.org/u?f193c1ba
bugzilla.suse.com/show_bug.cgi?id=1008026
bugzilla.suse.com/show_bug.cgi?id=1019547
bugzilla.suse.com/show_bug.cgi?id=1019550
bugzilla.suse.com/show_bug.cgi?id=1019568
bugzilla.suse.com/show_bug.cgi?id=1019570
bugzilla.suse.com/show_bug.cgi?id=1022219
bugzilla.suse.com/show_bug.cgi?id=1022255
bugzilla.suse.com/show_bug.cgi?id=1022257
bugzilla.suse.com/show_bug.cgi?id=1022260
bugzilla.suse.com/show_bug.cgi?id=1022262
bugzilla.suse.com/show_bug.cgi?id=1022263
bugzilla.suse.com/show_bug.cgi?id=1022264
bugzilla.suse.com/show_bug.cgi?id=1022265
www.suse.com/security/cve/CVE-2016-10158/
www.suse.com/security/cve/CVE-2016-10159/
www.suse.com/security/cve/CVE-2016-10160/
www.suse.com/security/cve/CVE-2016-10161/
www.suse.com/security/cve/CVE-2016-10162/
www.suse.com/security/cve/CVE-2016-10166/
www.suse.com/security/cve/CVE-2016-10167/
www.suse.com/security/cve/CVE-2016-10168/
www.suse.com/security/cve/CVE-2016-7478/
www.suse.com/security/cve/CVE-2016-7479/
www.suse.com/security/cve/CVE-2016-7480/
www.suse.com/security/cve/CVE-2016-9138/
www.suse.com/security/cve/CVE-2017-5340/
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.582 Medium
EPSS
Percentile
97.7%