Debian DLA-1658-1 : phpmyadmin security update

2019-02-0400:00:00

www.tenable.com

JSON

A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool.

CVE-2018-19968

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

CVE-2018-19970

A XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

For Debian 8 ‘Jessie’, these problems have been fixed in version 4:4.2.12-2+deb8u4.

We recommend that you upgrade your phpmyadmin packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1658-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(121555);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2018-19968", "CVE-2018-19970");

  script_name(english:"Debian DLA-1658-1 : phpmyadmin security update");
  script_summary(english:"Checks dpkg output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A couple of vulnerabilities have been discovered in phpmyadmin, MySQL
web administration tool.

CVE-2018-19968

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents
of a local file because of an error in the transformation feature. The
attacker must have access to the phpMyAdmin Configuration Storage
tables, although these can easily be created in any database to which
the attacker has access. An attacker must have valid credentials to
log in to phpMyAdmin; this vulnerability does not allow an attacker to
circumvent the login system.

CVE-2018-19970

A XSS vulnerability was found in the navigation tree, where an
attacker can deliver a payload to a user through a crafted
database/table name.

For Debian 8 'Jessie', these problems have been fixed in version
4:4.2.12-2+deb8u4.

We recommend that you upgrade your phpmyadmin packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/phpmyadmin"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected phpmyadmin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19970");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:phpmyadmin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"phpmyadmin", reference:"4:4.2.12-2+deb8u4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxphpmyadminp-cpe:/a:debian:debian_linux:phpmyadmin
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Vendor	Product	Version	CPE
debian	debian_linux	phpmyadmin	p-cpe:/a:debian:debian_linux:phpmyadmin
debian	debian_linux	8.0	cpe:/o:debian:debian_linux:8.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970

lists.debian.org/debian-lts-announce/2019/02/msg00003.html

packages.debian.org/source/jessie/phpmyadmin

JSON

Related for DEBIAN_DLA-1658.NASL