Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2011:198 First vendor Publication 2011-12-31
Vendor Mandriva Last vendor Modification 2011-12-31
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in phpmyadmin:

Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server) (CVE-2011-4107).

Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs (CVE-2011-4634).

Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory (CVE-2011-4782).

Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections (CVE-2011-4780).

This upgrade provides the latest phpmyadmin version (3.4.9) to address these vulnerabilities.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:198

CWE : Common Weakness Enumeration

% Id Name
75 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
25 % CWE-611 Information Leak Through XML External Entity File Disclosure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15400
 
Oval ID: oval:org.mitre.oval:def:15400
Title: DSA-2391-1 phpmyadmin -- several
Description: Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4107 The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references. CVE-2011-1940, CVE-2011-3181 Cross site scripting was possible in the table tracking feature, allowing a remote attacker to inject arbitrary web script or HTML. The oldstable distribution is not affected by these problems.
Family: unix Class: patch
Reference(s): DSA-2391-1
CVE-2011-1940
CVE-2011-3181
CVE-2011-4107
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): phpmyadmin
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 274
Os 1
Os 3

ExploitDB Exploits

id Description
2012-01-14 phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for phpMyAdmin FEDORA-2011-16768
File : nvt/gb_fedora_2011_16768_phpMyAdmin_fc16.nasl
2012-04-02 Name : Fedora Update for phpMyAdmin FEDORA-2011-17369
File : nvt/gb_fedora_2011_17369_phpMyAdmin_fc16.nasl
2012-03-19 Name : Fedora Update for phpMyAdmin FEDORA-2011-15841
File : nvt/gb_fedora_2011_15841_phpMyAdmin_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
File : nvt/glsa_201201_01.nasl
2012-02-11 Name : Debian Security Advisory DSA 2391-1 (phpmyadmin)
File : nvt/deb_2391_1.nasl
2012-01-09 Name : Fedora Update for phpMyAdmin FEDORA-2011-17370
File : nvt/gb_fedora_2011_17370_phpMyAdmin_fc15.nasl
2012-01-09 Name : Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)
File : nvt/gb_mandriva_MDVSA_2011_198.nasl
2011-12-23 Name : phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability
File : nvt/secpod_phpmyadmin_setup_host_var_xss_vuln.nasl
2011-12-19 Name : Fedora Update for phpMyAdmin FEDORA-2011-16786
File : nvt/gb_fedora_2011_16786_phpMyAdmin_fc15.nasl
2011-11-25 Name : Fedora Update for phpMyAdmin FEDORA-2011-15831
File : nvt/gb_fedora_2011_15831_phpMyAdmin_fc14.nasl
2011-11-25 Name : Fedora Update for phpMyAdmin FEDORA-2011-15846
File : nvt/gb_fedora_2011_15846_phpMyAdmin_fc15.nasl
0000-00-00 Name : FreeBSD Ports: phpMyAdmin
File : nvt/freebsd_phpMyAdmin27.nasl
0000-00-00 Name : FreeBSD Ports: phpMyAdmin
File : nvt/freebsd_phpMyAdmin28.nasl
0000-00-00 Name : FreeBSD Ports: phpMyAdmin
File : nvt/freebsd_phpMyAdmin29.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78036 phpMyAdmin libraries/display_export.lib.php Multiple Export Panel URL Paramet...
78034 phpMyAdmin Create Index Dialog Column Type XSS

phpMyAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Column Type' field upon submission to the Create Index dialog. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
78033 phpMyAdmin Table Search Dialog Column Type XSS

phpMyAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Column Type' field upon submission to the Table Search dialog. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
78032 phpMyAdmin View Creation Dialog Failed SQL Query XSS

phpMyAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a failed SQL query upon submission to the View Creation dialog. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
78031 phpMyAdmin Table Overview Panel Failed SQL Query XSS

phpMyAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a failed SQL query upon submission to the Table Overview panel. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
78030 phpMyAdmin Database Rename Panel Database Name XSS

phpMyAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'database name' field upon submission to the Database Rename panel. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
78029 phpMyAdmin Database Synchronize Panel Database Name XSS

phpMyAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'database name' field upon submission to the Database Synchronize panel. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
77983 phpMyAdmin Setup Interface $host Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the $host parameter upon submission to the setup interface. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
76798 phpMyadmin libraries/import/xml.php XML Data Entity References Parsing Remote...

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-18.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2011-94.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2011-14.nasl - Type : ACT_GATHER_INFO
2012-05-21 Name : The remote web server hosts a PHP application that is affected by an informat...
File : phpmyadmin_pmasa_2011_17.nasl - Type : ACT_GATHER_INFO
2012-01-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2391.nasl - Type : ACT_GATHER_INFO
2012-01-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-01.nasl - Type : ACT_GATHER_INFO
2012-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-17369.nasl - Type : ACT_GATHER_INFO
2012-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-17370.nasl - Type : ACT_GATHER_INFO
2011-12-23 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_8c83145d2c9511e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO
2011-12-22 Name : The remote web server hosts a PHP application that is affected by two cross-s...
File : phpmyadmin_pmasa_2011_20.nasl - Type : ACT_GATHER_INFO
2011-12-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16786.nasl - Type : ACT_GATHER_INFO
2011-12-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16768.nasl - Type : ACT_GATHER_INFO
2011-12-19 Name : The remote web server contains a PHP application that is affected by a cross-...
File : phpmyadmin_pmasa_2011_18.nasl - Type : ACT_GATHER_INFO
2011-12-02 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ed5363361c5711e186f4e0cb4e266481.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15846.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15841.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15831.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1f6ee7080d2211e1b5bd14dae938ec40.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2016-07-28 01:03:32
  • Multiple Updates