Test ID:	1.3.6.1.4.1.25623.1.1.1.1.2011.2286
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2286-1)
Summary:	The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DSA-2286-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DSA-2286-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2505 Possible session manipulation in Swekey authentication. CVE-2011-2506 Possible code injection in setup script, in case session variables are compromised. CVE-2011-2507 Regular expression quoting issue in Synchronize code. CVE-2011-2508 Possible directory traversal in MIME-type transformation. CVE-2011-2642 Cross site scripting in table Print view when the attacker can create crafted table names. No CVE name yet Possible superglobal and local variables manipulation in Swekey authentication. (PMASA-2011-12) The oldstable distribution (lenny) is only affected by CVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9. For the stable distribution (squeeze), these problems have been fixed in version 3.3.7-6. For the testing distribution (wheezy) and unstable distribution (sid), these problems have been fixed in version 3.4.3.2-1. We recommend that you upgrade your phpmyadmin packages. Affected Software/OS: 'phpmyadmin' package(s) on Debian 5, Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2505 Bugtraq: 20110707 phpMyAdmin 3.x Multiple Remote Code Executions (Google Search) http://www.securityfocus.com/archive/1/518804/100/0/threaded Debian Security Information: DSA-2286 (Google Search) http://www.debian.org/security/2011/dsa-2286 http://www.exploit-db.com/exploits/17514/ http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:124 http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt http://www.openwall.com/lists/oss-security/2011/06/28/2 http://www.openwall.com/lists/oss-security/2011/06/28/6 http://www.openwall.com/lists/oss-security/2011/06/28/8 http://www.openwall.com/lists/oss-security/2011/06/29/11 http://www.osvdb.org/73611 http://secunia.com/advisories/45139 http://secunia.com/advisories/45292 http://secunia.com/advisories/45315 http://securityreason.com/securityalert/8306 Common Vulnerability Exposure (CVE) ID: CVE-2011-2506 http://www.osvdb.org/73612 Common Vulnerability Exposure (CVE) ID: CVE-2011-2507 http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html http://www.osvdb.org/73613 Common Vulnerability Exposure (CVE) ID: CVE-2011-2508 http://www.osvdb.org/73614 Common Vulnerability Exposure (CVE) ID: CVE-2011-2642 BugTraq ID: 48874 http://www.securityfocus.com/bid/48874 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html http://secunia.com/advisories/45365 http://secunia.com/advisories/45515 XForce ISS Database: phpmyadmin-table-print-xss(68750) https://exchange.xforce.ibmcloud.com/vulnerabilities/68750 Common Vulnerability Exposure (CVE) ID: CVE-2011-2719 20110724 phpMyAdmin 3.x Conditional Session Manipulation http://seclists.org/fulldisclosure/2011/Jul/300 http://www.securityfocus.com/archive/1/518967/100/0/threaded 20110804 Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation http://www.securityfocus.com/archive/1/519155/100/0/threaded 45315 45365 45515 48874 74112 http://osvdb.org/74112 8322 http://securityreason.com/securityalert/8322 DSA-2286 FEDORA-2011-9725 FEDORA-2011-9734 MDVSA-2011:124 [oss-security] 20110725 CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 http://www.openwall.com/lists/oss-security/2011/07/25/4 [oss-security] 20110726 Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 http://www.openwall.com/lists/oss-security/2011/07/26/10 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=571cdc6ff4bf375871b594f4e06f8ad3159d1754 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7 http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt https://bugzilla.redhat.com/show_bug.cgi?id=725384 phpmyadmin-swekey-file-overwrite(68769) https://exchange.xforce.ibmcloud.com/vulnerabilities/68769
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.