Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name: MDVSA-2010:163
Vendor: Mandriva
First vendor publication: 2010-08-30
Last vendor modification: 2010-08-30
Severity (vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Multiple vulnerabilities have been found and corrected in phpmyadmin:

The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code (CVE-2010-3055).

It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages (CVE-2010-3056).

This upgrade provides phpmyadmin 2.11.10.1, which is not vulnerable to these security issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:163

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12436
 
Oval ID: oval:org.mitre.oval:def:12436
Title: DSA-2097-2 phpmyadmin -- insufficient input sanitising
Description: The update in DSA 2097 for phpMyAdmin did not correctly apply the intended changes, thereby not completely addressing the vulnerabilities. Updated packages now fix the issues described in the original advisory text below. Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3055 The configuration setup script does not properly sanitise its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. In Debian, the setup tool is protected through Apache HTTP basic authentication by default. CVE-2010-3056 Various cross site scripting issues have been discovered that allow a remote attacker to inject arbitrary web script or HTML. For the stable distribution, these problems have been fixed in version 4:2.11.8.1-5+lenny6. For the testing and unstable distribution, these problems have been fixed in version 3.3.5.1-1. We recommend that you upgrade your phpmyadmin package.
Family: unix Class: patch
Reference(s): DSA-2097-2, CVE-2010-3055, CVE-2010-3056
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): phpmyadmin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12807
 
Oval ID: oval:org.mitre.oval:def:12807
Title: DSA-2097-1 phpmyadmin -- insufficient input sanitising
Description: Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3055 The configuration setup script does not properly sanitise its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. In Debian, the setup tool is protected through Apache HTTP basic authentication by default. CVE-2010-3056 Various cross site scripting issues have been discovered that allow a remote attacker to inject arbitrary web script or HTML. For the stable distribution, these problems have been fixed in version 4:2.11.8.1-5+lenny5. For the testing and unstable distribution, these problems have been fixed in version 3.3.5.1-1. We recommend that you upgrade your phpmyadmin package.
Family: unix Class: patch
Reference(s): DSA-2097-1, CVE-2010-3055, CVE-2010-3056
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): phpmyadmin
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 58

OpenVAS Exploits

Date Description
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
File : nvt/glsa_201201_01.nasl
2010-12-02 Name : Fedora Update for phpMyAdmin FEDORA-2010-13402
File : nvt/gb_fedora_2010_13402_phpMyAdmin_fc14.nasl
2010-10-10 Name : Debian Security Advisory DSA 2097-1 (phpmyadmin)
File : nvt/deb_2097_1.nasl
2010-10-10 Name : Debian Security Advisory DSA 2097-2 (phpmyadmin)
File : nvt/deb_2097_2.nasl
2010-10-10 Name : FreeBSD Ports: phpMyAdmin
File : nvt/freebsd_phpMyAdmin21.nasl
2010-09-07 Name : Mandriva Update for phpmyadmin MDVSA-2010:164 (phpmyadmin)
File : nvt/gb_mandriva_MDVSA_2010_164.nasl
2010-08-30 Name : phpMyAdmin Multiple Cross Site Scripting Vulnerabilities
File : nvt/gb_phpmyadmin_42584.nasl
2010-08-30 Name : phpMyAdmin Configuration File PHP Code Injection Vulnerability
File : nvt/gb_phpmyadmin_42591.nasl
2010-08-24 Name : Fedora Update for phpMyAdmin FEDORA-2010-13249
File : nvt/gb_fedora_2010_13249_phpMyAdmin_fc13.nasl
2010-08-24 Name : Fedora Update for phpMyAdmin FEDORA-2010-13258
File : nvt/gb_fedora_2010_13258_phpMyAdmin_fc12.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
67491 phpMyAdmin libraries/sqlparser.lib.php Unspecified Parameter XSS

67490 phpMyAdmin libraries/sanitizing.lib.php Unspecified Parameter XSS

67489 phpMyAdmin libraries/db_info.inc.php Unspecified Parameter XSS

67488 phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS

67487 phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS

67486 phpMyAdmin libraries/database_interface.lib.php Unspecified Parameter XSS

67485 phpMyAdmin libraries/common.lib.php Unspecified Parameter XSS

67343 phpMyAdmin Extension for TYPO3 Multiple Unspecified XSS

67325 phpMyAdmin tbl_sql.php Unspecified Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate an unspecified parameter upon submission to the 'tbl_sql.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67324 phpMyAdmin tbl_replace.php fields[multi_edit][] Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'fields[multi_edit][]' parameter upon submission to the 'tbl_replace.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67323 phpMyAdmin sql.php Multiple Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'cpurge', 'goto', 'purge', 'purgekey', 'table', and 'zero_rows' parameters upon submission to the 'sql.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67322 phpMyAdmin setup/config.php DefaultLang Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'DefaultLang' parameter upon submission to the 'setup/config.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67321 phpMyAdmin server_privileges.php Multiple Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'checkprivs', 'dbname', 'pred_tablename', 'selected_usr[]', 'tablename', and 'username' parameters upon submission to the 'server_privileges.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67320 phpMyAdmin server_databases.php sort_by Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'sort_by' parameter upon submission to the 'server_databases.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67319 phpMyAdmin js/messages.php db Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'db' parameter upon submission to the 'js/messages.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67318 phpMyAdmin db_structure.php sort Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'sort' parameter upon submission to the 'db_structure.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67317 phpMyAdmin db_sql.php delimiter Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'delimiter' parameter upon submission to the 'db_sql.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67316 phpMyAdmin db_search.php field_str Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'field_str' parameter upon submission to the 'db_search.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
67310 phpMyAdmin setup.php Configuration File Arbitrary PHP Code Injection

Nessus® Vulnerability Scanner

Date Description
2012-01-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-01.nasl - Type : ACT_GATHER_INFO
2010-08-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2097.nasl - Type : ACT_GATHER_INFO
2010-08-27 Name : The remote web server contains a PHP application that may allow execution of ...
File : phpmyadmin_pmasa_2010_4.nasl - Type : ACT_ATTACK
2010-08-24 Name : The remote Fedora host is missing a security update.
File : fedora_2010-13402.nasl - Type : ACT_GATHER_INFO
2010-08-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-13249.nasl - Type : ACT_GATHER_INFO
2010-08-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-13258.nasl - Type : ACT_GATHER_INFO
2010-08-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_274922b8ad2011dfaf1f00e0814cab4e.nasl - Type : ACT_GATHER_INFO