Test ID: 1.3.6.1.4.1.25623.1.0.60860
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1557-1)
Summary: The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DSA-1557-1 advisory.
Description:

Vulnerability Insight:
Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-1924

Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request.

CVE-2008-1567

The PHP session data file stored the username and password of a logged-in user, which in some setups can be read by a local user.

CVE-2008-1149

Cross-site scripting and SQL injection were possible for attackers who had permission to create cookies in the same cookie domain that phpMyAdmin runs in.

For the stable distribution (etch), these problems have been fixed in version 4:2.9.1.1-7.

For the unstable distribution (sid), these problems have been fixed in version 4:2.11.5.2-1.

We recommend that you upgrade your phpmyadmin package.

Affected Software/OS:
'phpmyadmin' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-1149
BugTraq ID: 28068
http://www.securityfocus.com/bid/28068
Debian Security Information: DSA-1557
http://www.debian.org/security/2008/dsa-1557
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00069.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00100.html
http://www.gentoo.org/security/en/glsa/glsa-200803-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:131
http://secunia.com/advisories/29143
http://secunia.com/advisories/29200
http://secunia.com/advisories/29287
http://secunia.com/advisories/29964
http://secunia.com/advisories/30816
http://secunia.com/advisories/32834
http://secunia.com/advisories/33822
SuSE Security Announcement: SUSE-SR:2008:026
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
SuSE Security Announcement: SUSE-SR:2009:003
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.vupen.com/english/advisories/2008/0731
http://www.vupen.com/english/advisories/2008/0758
XForce ISS Database: phpmyadmin-request-sql-injection(40968)
https://exchange.xforce.ibmcloud.com/vulnerabilities/40968
Common Vulnerability Exposure (CVE) ID: CVE-2008-1567
BugTraq ID: 28560
http://www.securityfocus.com/bid/28560
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html
http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408
http://secunia.com/advisories/29588
http://secunia.com/advisories/29613
http://www.vupen.com/english/advisories/2008/1037/references
XForce ISS Database: phpmyadmin-sessiondata-info-disclosure(41541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41541
Common Vulnerability Exposure (CVE) ID: CVE-2008-1924
BugTraq ID: 28906
http://www.securityfocus.com/bid/28906
http://security.gentoo.org/glsa/glsa-200805-02.xml
http://secunia.com/advisories/29944
http://secunia.com/advisories/30034
http://www.vupen.com/english/advisories/2008/1328/references
XForce ISS Database: phpmyadmin-unspecified-info-disclosure(41964)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41964
Copyright: Copyright (C) 2008 Greenbone AG
