 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.61767 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 9 FEDORA-2008-9316 (phpMyAdmin) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2008-9316. Update Information: This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmd_pdf.php via db parameter when register_globals is enabled. - [GUI] SQL error after sorting a subset - [lang] Catalan update - [lang] Russian update - [import] Temporary uploaded file not deleted - [auth] Cannot create database after session timeout - [core] ForceSSL generates incorrectly escaped redirections (this time with the correct fix) - [lang] Hungarian update - [core] Properly truncate SQL to avoid half of html tags - [lang] Romanian update - [structure] Incorrect index choice shown when modifying an index - [interface] Misleading message after cancelling an action - [lang] Croatian update - [lang] Finnish update - [lang] Polish update - [lang] Japanese update - [privileges] Wrong message when changing password - [core] Cannot disable PMA tables - [lang] Problems with Italian language file - [interface] ShowChgPassword setting not respected - [security] XSS in a Designer component ChangeLog: * Thu Oct 30 2008 Robert Scheck 3.0.1.1-1 - Upstream released 3.0.1.1 (#468974) * Wed Oct 22 2008 Robert Scheck 3.0.1-1 - Upstream released 3.0.1 * Sun Oct 19 2008 Robert Scheck 3.0.0-1 - Upstream released 3.0.0 * Mon Sep 22 2008 Robert Scheck 2.11.9.2-1 - Upstream released 2.11.9.2 (#463260) * Tue Sep 16 2008 Robert Scheck 2.11.9.1-1 - Upstream released 2.11.9.1 (#462430) * Fri Aug 29 2008 Robert Scheck 2.11.9-1 - Upstream released 2.11.9 References: [ 1 ] Bug #468974 - CVE-2008-4775 phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled https://bugzilla.redhat.com/show_bug.cgi?id=468974 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update phpMyAdmin' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-9316 Risk factor : Medium CVSS Score: 2.6 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-4775 BugTraq ID: 31928 http://www.securityfocus.com/bid/31928 Bugtraq: 20081027 XSS in phpMyadmin (Google Search) http://www.securityfocus.com/archive/1/497815/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00908.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00925.html http://security.gentoo.org/glsa/glsa-200903-32.xml http://secunia.com/advisories/32449 http://secunia.com/advisories/32482 http://securityreason.com/securityalert/4516 http://www.vupen.com/english/advisories/2008/2943 XForce ISS Database: phpmyadmin-pmdpdf-xss(46136) https://exchange.xforce.ibmcloud.com/vulnerabilities/46136 |
| Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |