 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.59887 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 7 FEDORA-2007-3666 (phpMyAdmin) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2007-3666. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and is available in 50 languages Update Information: The login page (auth_type cookie) was vulnerable to XSS via the convcharset parameter (PMASA-2007-8). ChangeLog: * Wed Nov 21 2007 Robert Scheck 2.11.2.2-1 - Upstream released 2.11.2.2 (#393771) * Tue Nov 20 2007 Mike McGrath 2.11.2.1-1 - Upstream released new version * Mon Oct 29 2007 Mike McGrath 2.11.2-1 * upstream released new version * Mon Oct 22 2007 Mike McGrath 2.11.1.2-1 * upstream released new version * Thu Sep 6 2007 Mike McGrath 2.11.0-1 - Upstream released new version - Altered sources file as required - Added proper license * Mon Jul 23 2007 Mike McGrath 2.10.3-1 - Upstream released new version References: [ 1 ] Bug #333661 - phpMyAdmin 2.11.1.2 is released (fixes CVE-2007-5386, CVE-2007-5589) https://bugzilla.redhat.com/show_bug.cgi?id=333661 [ 2 ] Bug #356291 - phpMyAdmin 2.11.2 is released https://bugzilla.redhat.com/show_bug.cgi?id=356291 [ 3 ] Bug #393771 - phpMyAdmin 2.11.2.2 is released https://bugzilla.redhat.com/show_bug.cgi?id=393771 [ 4 ] Bug #385891 - CVE-2007-5976 CVE-2007-5977 phpMyAdmin multiple vulnerabilities [f7] https://bugzilla.redhat.com/show_bug.cgi?id=385891 [ 5 ] Bug #385881 - CVE-2007-5976 db_create SQL Injection https://bugzilla.redhat.com/show_bug.cgi?id=385881 [ 6 ] Bug #385921 - CVE-2007-5977 XSS in db_create https://bugzilla.redhat.com/show_bug.cgi?id=385921 Updated packages: 09480ab0ccfc52b2dbca7b8b653c019073f05a1d phpMyAdmin-2.11.2.2-1.fc7.noarch.rpm 7889835f99bbb18be4f5aa4c8a3cb0c85959ea15 phpMyAdmin-2.11.2.2-1.fc7.src.rpm This update can be installed with the yum update program. Use su -c 'yum update phpMyAdmin' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-3666 Risk factor : High CVSS Score: 6.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-5386 BugTraq ID: 26020 http://www.securityfocus.com/bid/26020 Bugtraq: 20071015 about phpMyAdmin setup.php XSS vulnerability (Google Search) http://www.securityfocus.com/archive/1/482339/100/0/threaded Debian Security Information: DSA-1403 (Google Search) http://www.debian.org/security/2007/dsa-1403 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 http://www.digitrustgroup.com/advisories/TDG-advisory071009a http://osvdb.org/37678 http://secunia.com/advisories/27173 http://secunia.com/advisories/27506 http://secunia.com/advisories/27595 http://www.vupen.com/english/advisories/2007/3469 XForce ISS Database: phpmyadmin-setup-xss(37077) https://exchange.xforce.ibmcloud.com/vulnerabilities/37077 Common Vulnerability Exposure (CVE) ID: CVE-2007-5589 BugTraq ID: 26301 http://www.securityfocus.com/bid/26301 http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html http://osvdb.org/37939 http://secunia.com/advisories/27246 http://secunia.com/advisories/29323 SuSE Security Announcement: SUSE-SR:2008:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://www.vupen.com/english/advisories/2007/3535 XForce ISS Database: phpmyadmin-serverstatus-xss(37292) https://exchange.xforce.ibmcloud.com/vulnerabilities/37292 Common Vulnerability Exposure (CVE) ID: CVE-2007-5976 BugTraq ID: 26512 http://www.securityfocus.com/bid/26512 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00777.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:229 http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html http://secunia.com/advisories/27630 http://secunia.com/advisories/27753 http://www.vupen.com/english/advisories/2007/3824 XForce ISS Database: phpmyadmin-dbcreate-sql-injection(38403) https://exchange.xforce.ibmcloud.com/vulnerabilities/38403 Common Vulnerability Exposure (CVE) ID: CVE-2007-5977 XForce ISS Database: phpmyadmin-dbcreate-xss(38404) https://exchange.xforce.ibmcloud.com/vulnerabilities/38404 |
| Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |