Test ID:	1.3.6.1.4.1.25623.1.0.68864
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:026 (phpmyadmin)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to phpmyadmin announced via advisory MDVSA-2011:026. Multiple vulnerabilities were discovered and corrected in phpmyadmin: When the files README, ChangeLog or LICENSE have been removed from their original place (possibly by the distributor), the scripts used to display these files can show their full path, leading to possible further attacks (CVE-2011-0986). It was possible to create a bookmark which would be executed unintentionally by other users (CVE-2011-0987). The updated packages have been upgraded to the latest versions to mitigate these issues. Affected: Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:026 http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php Risk factor : High CVSS Score: 6.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0986 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:026 http://secunia.com/advisories/43478 http://www.vupen.com/english/advisories/2011/0385 XForce ISS Database: phpmyadmin-readme-path-disclosure(65424) https://exchange.xforce.ibmcloud.com/vulnerabilities/65424 Common Vulnerability Exposure (CVE) ID: CVE-2011-0987 BugTraq ID: 46359 http://www.securityfocus.com/bid/46359 Debian Security Information: DSA-2167 (Google Search) http://www.debian.org/security/2011/dsa-2167 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054525.html http://secunia.com/advisories/43324 http://secunia.com/advisories/43391 http://www.vupen.com/english/advisories/2011/0381 http://www.vupen.com/english/advisories/2011/0409 http://www.vupen.com/english/advisories/2011/0512 http://www.vupen.com/english/advisories/2011/0570 XForce ISS Database: phpmyadmin-bookmark-security-bypass(65390) https://exchange.xforce.ibmcloud.com/vulnerabilities/65390
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.