Test ID:	1.3.6.1.4.1.25623.1.0.61228
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:131 (phpMyAdmin)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2008:131. A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.2.2 release. This update provides version 2.11.7 which is the latest stable release of phpMyAdmin and fixes CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, and CVE-2008-2960. No configuration changes should be required since the previous update (version 2.11.2.2). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient so simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:131 Risk factor : High CVSS Score: 5.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1149 BugTraq ID: 28068 http://www.securityfocus.com/bid/28068 Debian Security Information: DSA-1557 (Google Search) http://www.debian.org/security/2008/dsa-1557 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00069.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00100.html http://www.gentoo.org/security/en/glsa/glsa-200803-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:131 http://secunia.com/advisories/29143 http://secunia.com/advisories/29200 http://secunia.com/advisories/29287 http://secunia.com/advisories/29964 http://secunia.com/advisories/30816 http://secunia.com/advisories/32834 http://secunia.com/advisories/33822 SuSE Security Announcement: SUSE-SR:2008:026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://www.vupen.com/english/advisories/2008/0731 http://www.vupen.com/english/advisories/2008/0758 XForce ISS Database: phpmyadmin-request-sql-injection(40968) https://exchange.xforce.ibmcloud.com/vulnerabilities/40968 Common Vulnerability Exposure (CVE) ID: CVE-2008-1567 BugTraq ID: 28560 http://www.securityfocus.com/bid/28560 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 http://secunia.com/advisories/29588 http://secunia.com/advisories/29613 http://www.vupen.com/english/advisories/2008/1037/references XForce ISS Database: phpmyadmin-sessiondata-info-disclosure(41541) https://exchange.xforce.ibmcloud.com/vulnerabilities/41541 Common Vulnerability Exposure (CVE) ID: CVE-2008-1924 BugTraq ID: 28906 http://www.securityfocus.com/bid/28906 http://security.gentoo.org/glsa/glsa-200805-02.xml http://secunia.com/advisories/29944 http://secunia.com/advisories/30034 http://www.vupen.com/english/advisories/2008/1328/references XForce ISS Database: phpmyadmin-unspecified-info-disclosure(41964) https://exchange.xforce.ibmcloud.com/vulnerabilities/41964 Common Vulnerability Exposure (CVE) ID: CVE-2008-2960 http://www.openwall.com/lists/oss-security/2008/07/16/11 http://secunia.com/advisories/30813 http://www.vupen.com/english/advisories/2008/1904/references XForce ISS Database: phpmyadmin-libraryfiles-xss(43320) https://exchange.xforce.ibmcloud.com/vulnerabilities/43320
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.