Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54629

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)

Resumen: The remote host is missing updates announced in;advisory GLSA 200407-22.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200407-22.

Vulnerability Insight:
Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a
valid user account to alter configuration variables and execute arbitrary
PHP code.

Solution:
All phpMyAdmin users should upgrade to the latest version:

# emerge sync

# emerge -pv '>=dev-db/phpmyadmin-2.5.7_p1'
# emerge '>=dev-db/phpmyadmin-2.5.7_p1'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-2631
BugTraq ID: 10629
http://www.securityfocus.com/bid/10629
Bugtraq: 20040628 php codes injection in phpMyAdmin version 2.5.7. (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html
Bugtraq: 20040630 Re: php codes injection in phpMyAdmin version 2.5.7. (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html
Bugtraq: 20041018 phpMyAdmin: Vulnerability in MIME-based transformation (Google Search)
http://marc.info/?l=bugtraq&m=109816584519779&w=2
http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml
http://eagle.kecapi.com/sec/fd/phpMyAdmin.html
http://www.securiteam.com/unixfocus/5QP040ADFW.html
http://www.osvdb.org/7314
http://securitytracker.com/id?1010614
http://secunia.com/advisories/11974
XForce ISS Database: phpmyadmin-php-injection(16542)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16542
Common Vulnerability Exposure (CVE) ID: CVE-2004-2632
http://www.osvdb.org/7315
http://securitytracker.com/alerts/2004/Jun/1010614.html
XForce ISS Database: phpmyadmin-code-manipulation(16555)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16555

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54629
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200407-22.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200407-22. Vulnerability Insight: Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a valid user account to alter configuration variables and execute arbitrary PHP code. Solution: All phpMyAdmin users should upgrade to the latest version: # emerge sync # emerge -pv '>=dev-db/phpmyadmin-2.5.7_p1' # emerge '>=dev-db/phpmyadmin-2.5.7_p1' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-2631 BugTraq ID: 10629 http://www.securityfocus.com/bid/10629 Bugtraq: 20040628 php codes injection in phpMyAdmin version 2.5.7. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html Bugtraq: 20040630 Re: php codes injection in phpMyAdmin version 2.5.7. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html Bugtraq: 20041018 phpMyAdmin: Vulnerability in MIME-based transformation (Google Search) http://marc.info/?l=bugtraq&m=109816584519779&w=2 http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml http://eagle.kecapi.com/sec/fd/phpMyAdmin.html http://www.securiteam.com/unixfocus/5QP040ADFW.html http://www.osvdb.org/7314 http://securitytracker.com/id?1010614 http://secunia.com/advisories/11974 XForce ISS Database: phpmyadmin-php-injection(16542) https://exchange.xforce.ibmcloud.com/vulnerabilities/16542 Common Vulnerability Exposure (CVE) ID: CVE-2004-2632 http://www.osvdb.org/7315 http://securitytracker.com/alerts/2004/Jun/1010614.html XForce ISS Database: phpmyadmin-code-manipulation(16555) https://exchange.xforce.ibmcloud.com/vulnerabilities/16555
Copyright	Copyright (C) 2008 E-Soft Inc.