 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.66102 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1918-1) |
| Summary: | The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DSA-1918-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DSA-1918-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3696 Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. CVE-2009-3697 SQL injection vulnerability in the PDF schema generator functionality allows remote attackers to execute arbitrary SQL commands. This issue does not apply to the version in Debian 4.0 Etch. Additionally, extra fortification has been added for the web based setup.php script. Although the shipped web server configuration should ensure that this script is protected, in practice this turned out not always to be the case. The config.inc.php file is not writable anymore by the webserver user. See README.Debian for details on how to enable the setup.php script if and when you need it. For the old stable distribution (etch), these problems have been fixed in version 2.9.1.1-13. For the stable distribution (lenny), these problems have been fixed in version 2.11.8.1-5+lenny3. For the unstable distribution (sid), these problems have been fixed in version 3.2.2.1-1. We recommend that you upgrade your phpmyadmin package. Affected Software/OS: 'phpmyadmin' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3696 BugTraq ID: 36658 http://www.securityfocus.com/bid/36658 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00467.html https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00490.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:274 http://marc.info/?l=oss-security&m=125553728512853&w=2 http://marc.info/?l=oss-security&m=125561979001460&w=2 http://secunia.com/advisories/37016 SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://www.vupen.com/english/advisories/2009/2899 XForce ISS Database: phpmyadmin-tablename-xss(53742) https://exchange.xforce.ibmcloud.com/vulnerabilities/53742 Common Vulnerability Exposure (CVE) ID: CVE-2009-3697 XForce ISS Database: phpmyadmin-pdf-sql-injection(53741) https://exchange.xforce.ibmcloud.com/vulnerabilities/53741 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |