Test ID:	1.3.6.1.4.1.25623.1.0.831441
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for phpmyadmin MDVSA-2011:124 (phpmyadmin)
Summary:	The remote host is missing an update for the 'phpmyadmin'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'phpmyadmin' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been discovered and corrected in phpmyadmin: libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a remote variable manipulation vulnerability. (CVE-2011-2505). setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array (CVE-2011-2506). libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array (CVE-2011-2507). Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][->name][transformation] parameter (CVE-2011-2508). Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name (CVE-2011-2642). Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter (CVE-2011-2643). Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php (CVE-2011-2718). libraries/auth/swekey/swekey.auth.lib ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: phpmyadmin on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2505 Bugtraq: 20110707 phpMyAdmin 3.x Multiple Remote Code Executions (Google Search) http://www.securityfocus.com/archive/1/518804/100/0/threaded Debian Security Information: DSA-2286 (Google Search) http://www.debian.org/security/2011/dsa-2286 http://www.exploit-db.com/exploits/17514/ http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:124 http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt http://www.openwall.com/lists/oss-security/2011/06/28/2 http://www.openwall.com/lists/oss-security/2011/06/28/6 http://www.openwall.com/lists/oss-security/2011/06/28/8 http://www.openwall.com/lists/oss-security/2011/06/29/11 http://www.osvdb.org/73611 http://secunia.com/advisories/45139 http://secunia.com/advisories/45292 http://secunia.com/advisories/45315 http://securityreason.com/securityalert/8306 Common Vulnerability Exposure (CVE) ID: CVE-2011-2506 http://www.osvdb.org/73612 Common Vulnerability Exposure (CVE) ID: CVE-2011-2507 http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html http://www.osvdb.org/73613 Common Vulnerability Exposure (CVE) ID: CVE-2011-2508 http://www.osvdb.org/73614 Common Vulnerability Exposure (CVE) ID: CVE-2011-2642 BugTraq ID: 48874 http://www.securityfocus.com/bid/48874 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html http://secunia.com/advisories/45365 http://secunia.com/advisories/45515 XForce ISS Database: phpmyadmin-table-print-xss(68750) https://exchange.xforce.ibmcloud.com/vulnerabilities/68750 Common Vulnerability Exposure (CVE) ID: CVE-2011-2643 XForce ISS Database: phpmyadmin-mimetype-file-include(68767) https://exchange.xforce.ibmcloud.com/vulnerabilities/68767 Common Vulnerability Exposure (CVE) ID: CVE-2011-2718 45365 45515 48874 74111 http://osvdb.org/74111 FEDORA-2011-9725 FEDORA-2011-9734 MDVSA-2011:124 [oss-security] 20110725 CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 http://www.openwall.com/lists/oss-security/2011/07/25/4 [oss-security] 20110726 Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 http://www.openwall.com/lists/oss-security/2011/07/26/10 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393 http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php https://bugzilla.redhat.com/show_bug.cgi?id=725383 phpmyadmin-schema-file-include(68768) https://exchange.xforce.ibmcloud.com/vulnerabilities/68768 Common Vulnerability Exposure (CVE) ID: CVE-2011-2719 20110724 phpMyAdmin 3.x Conditional Session Manipulation http://seclists.org/fulldisclosure/2011/Jul/300 http://www.securityfocus.com/archive/1/518967/100/0/threaded 20110804 Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation http://www.securityfocus.com/archive/1/519155/100/0/threaded 45315 74112 http://osvdb.org/74112 8322 http://securityreason.com/securityalert/8322 DSA-2286 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=571cdc6ff4bf375871b594f4e06f8ad3159d1754 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7 http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt https://bugzilla.redhat.com/show_bug.cgi?id=725384 phpmyadmin-swekey-file-overwrite(68769) https://exchange.xforce.ibmcloud.com/vulnerabilities/68769
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.