Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2016.406
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-406-1)
Summary:	The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DLA-406-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DLA-406-1 advisory. Vulnerability Insight: Several flaws were discovered in the CSRF authentication code of phpMyAdmin. CVE-2016-2039 The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. CVE-2016-2041 The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. Affected Software/OS: 'phpmyadmin' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2039 Debian Security Information: DSA-3627 (Google Search) http://www.debian.org/security/2016/dsa-3627 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html SuSE Security Announcement: openSUSE-SU-2016:0357 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html SuSE Security Announcement: openSUSE-SU-2016:0378 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2041
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.