Lucene search

K
mageiaGentoo FoundationMGASA-2016-0291
HistoryAug 31, 2016 - 6:32 p.m.

Updated phpmyadmin packages fix security vulnerability

2016-08-3118:32:33
Gentoo Foundation
advisories.mageia.org
11

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.051 Low

EPSS

Percentile

92.8%

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user’s browser cookie file to decrypt the username and password. Also, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same (CVE-2016-6606). In phpMyAdmin before 4.4.15.8, multiple vulnerabilities have been discovered in the following areas of phpMyAdmin: Zoom search, GIS editor, Relation view, several Transformations, XML export, MediaWiki export, Designer, when the MySQL server is running with a specially-crafted log_bin directive, Database tab, Replication feature, and Database search (CVE-2016-6607). In phpMyAdmin before 4.4.15.8, a vulnerability was found where a specially crafted database name could be used to run arbitrary PHP commands through the array export feature (CVE-2016-6609). In phpMyAdmin before 4.4.15.8, a full path disclosure vulnerability was discovered where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk (CVE-2016-6610). In phpMyAdmin before 4.4.15.8, a vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality (CVE-2016-6611). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where a user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system (CVE-2016-6612). In phpMyAdmin before 4.4.15.8, a vulnerability was found where a user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user (CVE-2016-6613). In phpMyAdmin before 4.4.15.8, a vulnerability was reported with the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system (CVE-2016-6614). In phpMyAdmin before 4.4.15.8, multiple XSS vulnerabilities were found in the following areas: Navigation pane and database/table hiding feature, the “Tracking” feature, and GIS visualization feature (CVE-2016-6615). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the following features where a user can execute an SQL injection attack against the account of the control user: User group Designer (CVE-2016-6616). In phpMyAdmin before 4.4.15.8, a vulnerability was found in the transformation feature allowing a user to trigger a denial-of-service (DOS) attack against the server (CVE-2016-6618). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the user interface preference feature where a user can execute an SQL injection attack against the account of the control user (CVE-2016-6619). In phpMyAdmin before 4.4.15.8, a vulnerability was reported where some data is passed to the PHP unserialize() function without verification that it’s valid serialized data. A malicious user may be able to manipulate the stored data in a way to result in code being loaded and executed (CVE-2016-6620). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an unauthenticated user is able to execute a denial-of-service (DOS) attack by forcing persistent connections when phpMyAdmin is running with $cfg[‘AllowArbitraryServer’]=true; (CVE-2016-6622). In phpMyAdmin before 4.4.15.8, a vulnerability has been reported where a malicious authorized user can cause a denial-of-service (DOS) attack on a server by passing large values to a loop (CVE-2016-6623). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where, under certain circumstances, it may be possible to circumvent the phpMyAdmin IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules (CVE-2016-6624). In phpMyAdmin before 4.4.15.8, a vulnerability was reported where an attacker can determine whether a user is logged in to phpMyAdmin (CVE-2016-6625). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an attacker could redirect a user to a malicious web page (CVE-2016-6626). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an attacker can determine the phpMyAdmin host location through the file url.php (CVE-2016-6627). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an attacker may be able to trigger a user to download a specially crafted malicious SVG file (CVE-2016-6628). In phpMyAdmin before 4.4.15.8, a vulnerability was reported with the $cfg[‘ArbitraryServerRegexp’] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp (CVE-2016-6629). In phpMyAdmin before 4.4.15.8, an authenticated user can trigger a denial-of-service (DOS) attack by entering a very long password at the change password dialog (CVE-2016-6630). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where a user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh (CVE-2016-6631). In phpMyAdmin before 4.4.15.8, a flaw was discovered where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files (CVE-2016-6632). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations (CVE-2016-6633).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchphpmyadmin< 4.4.15.8-1phpmyadmin-4.4.15.8-1.mga5

References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.051 Low

EPSS

Percentile

92.8%