Detections
Analytics

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6440)

high Nessus Plugin ID 64104

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

PHP5 was updated with incremental fixes to the previous update.

 - Additional unsafe cgi wrapper scripts are also fixed now. (CVE-2012-2335)

 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter.
 (CVE-2012-2336)

 - heap-based buffer overflow in php's phar extension.
 (CVE-2012-2386)

 - The crypt() implementation ignored wide characters, leading to shorter effective password lengths. Note:
 With this update applied affected passwords will no longer work and need to be set again. (CVE-2012-2143)

Solution

Apply SAT patch number 6440.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=761631

https://bugzilla.novell.com/show_bug.cgi?id=763814

https://bugzilla.novell.com/show_bug.cgi?id=766798

http://support.novell.com/security/cve/CVE-2012-2143.html

http://support.novell.com/security/cve/CVE-2012-2335.html

http://support.novell.com/security/cve/CVE-2012-2336.html

http://support.novell.com/security/cve/CVE-2012-2386.html

Plugin Details

Severity: High

ID: 64104

File Name: suse_11_apache2-mod_php53-120618.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/25/2013

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:php53, p-cpe:/a:novell:suse_linux:11:php53-pear, p-cpe:/a:novell:suse_linux:11:php53-zip, p-cpe:/a:novell:suse_linux:11:php53-gettext, p-cpe:/a:novell:suse_linux:11:php53-json, p-cpe:/a:novell:suse_linux:11:php53-mbstring, p-cpe:/a:novell:suse_linux:11:php53-ftp, p-cpe:/a:novell:suse_linux:11:php53-mcrypt, p-cpe:/a:novell:suse_linux:11:php53-pgsql, p-cpe:/a:novell:suse_linux:11:php53-shmop, p-cpe:/a:novell:suse_linux:11:php53-sysvshm, p-cpe:/a:novell:suse_linux:11:php53-wddx, p-cpe:/a:novell:suse_linux:11:php53-soap, p-cpe:/a:novell:suse_linux:11:php53-intl, p-cpe:/a:novell:suse_linux:11:php53-dba, p-cpe:/a:novell:suse_linux:11:php53-suhosin, p-cpe:/a:novell:suse_linux:11:php53-calendar, p-cpe:/a:novell:suse_linux:11:php53-mysql, p-cpe:/a:novell:suse_linux:11:php53-curl, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:php53-xsl, p-cpe:/a:novell:suse_linux:11:php53-gd, p-cpe:/a:novell:suse_linux:11:php53-pcntl, p-cpe:/a:novell:suse_linux:11:php53-iconv, p-cpe:/a:novell:suse_linux:11:php53-gmp, p-cpe:/a:novell:suse_linux:11:php53-openssl, p-cpe:/a:novell:suse_linux:11:php53-zlib, p-cpe:/a:novell:suse_linux:11:php53-tokenizer, p-cpe:/a:novell:suse_linux:11:php53-ldap, p-cpe:/a:novell:suse_linux:11:php53-ctype, p-cpe:/a:novell:suse_linux:11:php53-fastcgi, p-cpe:/a:novell:suse_linux:11:php53-pspell, p-cpe:/a:novell:suse_linux:11:php53-fileinfo, p-cpe:/a:novell:suse_linux:11:php53-sysvsem, p-cpe:/a:novell:suse_linux:11:php53-xmlreader, p-cpe:/a:novell:suse_linux:11:php53-xmlwriter, p-cpe:/a:novell:suse_linux:11:php53-exif, p-cpe:/a:novell:suse_linux:11:apache2-mod_php53, p-cpe:/a:novell:suse_linux:11:php53-pdo, p-cpe:/a:novell:suse_linux:11:php53-odbc, p-cpe:/a:novell:suse_linux:11:php53-dom, p-cpe:/a:novell:suse_linux:11:php53-snmp, p-cpe:/a:novell:suse_linux:11:php53-sysvmsg, p-cpe:/a:novell:suse_linux:11:php53-bcmath, p-cpe:/a:novell:suse_linux:11:php53-xmlrpc, p-cpe:/a:novell:suse_linux:11:php53-bz2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 6/18/2012

Reference Information

CVE: CVE-2012-2143, CVE-2012-2335, CVE-2012-2336, CVE-2012-2386