Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1821.NASL
HistoryJun 18, 2019 - 12:00 a.m.

Debian DLA-1821-1 : phpmyadmin security update

2019-06-1800:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL web administration tool, which prevent possible SQL injection attacks, CSRF, the bypass of user restrictions, information disclosure or denial of service.

For Debian 8 ‘Jessie’, these problems have been fixed in version 4:4.2.12-2+deb8u6.

We recommend that you upgrade your phpmyadmin packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1821-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(125957);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6624", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9861", "CVE-2016-9864", "CVE-2019-12616");

  script_name(english:"Debian DLA-1821-1 : phpmyadmin security update");
  script_summary(english:"Checks dpkg output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL
web administration tool, which prevent possible SQL injection attacks,
CSRF, the bypass of user restrictions, information disclosure or
denial of service.

For Debian 8 'Jessie', these problems have been fixed in version
4:4.2.12-2+deb8u6.

We recommend that you upgrade your phpmyadmin packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/phpmyadmin"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected phpmyadmin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6631");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:phpmyadmin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"phpmyadmin", reference:"4:4.2.12-2+deb8u6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxphpmyadminp-cpe:/a:debian:debian_linux:phpmyadmin
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

References

Related

osv 11
debian 3
openvas 20
nessus 17
mageia 3
freebsd 3
suse 3
alpinelinux 17
prion 21
phpmyadmin 17
debiancve 17
ubuntucve 17
cve 21
github 7
zdt 1
veracode 1
gentoo 1
exploitpack 1
nuclei 1
checkpoint_advisories 1
packetstorm 1
fedora 4
exploitdb 1
hackerone 1
typo3 1
ubuntu 2
osv
osv
phpmyadmin - security update
2019-06-16 00:00:00
phpmyadmin - security update
2016-12-24 00:00:00
phpmyadmin - security update
2016-09-17 00:00:00
debian
debian
[SECURITY] [DLA 1821-1] phpmyadmin security update
2019-06-17 20:41:59
[SECURITY] [DLA 626-1] phpmyadmin security update
2016-09-17 21:19:36
[SECURITY] [DLA 757-1] phpmyadmin security update
2016-12-24 22:29:29
openvas
openvas
Debian: Security Advisory (DLA-1821-1)
2019-06-18 00:00:00
Debian: Security Advisory (DLA-757-1)
2023-03-08 00:00:00
Debian: Security Advisory (DLA-626-1)
2023-03-08 00:00:00
nessus
nessus
Debian DLA-757-1 : phpmyadmin security update
2016-12-27 00:00:00
Debian DLA-626-1 : phpmyadmin security update
2016-09-19 00:00:00
phpMyAdmin 4.0.x < 4.0.10.17 / 4.4.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities (PMASA-2016-29 - PMASA-2016-56) (deprecated)
2016-11-21 00:00:00
mageia
mageia
Updated phpmyadmin packages fix security vulnerability
2016-08-31 18:32:33
Updated phpmyadmin packages fix security vulnerability
2016-12-09 11:42:46
Updated phpmyadmin packages fix security vulnerabilities
2019-06-21 04:07:01
freebsd
freebsd
phpmyadmin -- multiple vulnerabilities
2016-08-17 00:00:00
phpMyAdmin -- CSRF vulnerability in login form
2019-06-04 00:00:00
phpMyAdmin -- multiple vulnerabilities
2016-11-25 00:00:00
suse
suse
Security update for phpMyAdmin (important)
2016-08-29 11:09:35
Security update for phpMyAdmin (moderate)
2019-08-14 00:00:00
Security update for phpMyAdmin (moderate)
2019-07-02 00:00:00
alpinelinux
alpinelinux
CVE-2016-6607
2016-12-11 02:59:00
CVE-2016-9861
2016-12-11 03:00:00
CVE-2016-6611
2016-12-11 02:59:00
prion
prion
Code injection
2016-12-11 03:00:00
Design/Logic Flaw
2016-12-11 02:59:00
Design/Logic Flaw
2016-12-11 02:59:00
phpmyadmin
phpmyadmin
Multiple SQL injection vulnerabilities
2016-11-25 00:00:00
Local file exposure
2016-07-12 00:00:00
Bypass white-list protection for URL redirection
2016-11-25 00:00:00
debiancve
debiancve
CVE-2016-9864
2016-12-11 03:00:00
CVE-2016-9861
2016-12-11 03:00:00
CVE-2016-6626
2016-12-11 02:59:00
ubuntucve
ubuntucve
CVE-2016-6628
2016-12-11 00:00:00
CVE-2016-6607
2016-12-11 00:00:00
CVE-2016-6631
2016-12-11 00:00:00
cve
cve
CVE-2016-9861
2016-12-11 03:00:00
CVE-2016-6613
2016-12-11 02:59:00
CVE-2016-9864
2016-12-11 03:00:00
github
github
phpMyAdmin Local file exposure through symlinks with UploadDir
2022-05-17 02:37:25
phpMyAdmin Denial of service (DOS) attack with dbase extension
2022-05-17 02:37:10
phpMyAdmin Local file exposure
2022-05-17 02:37:25
zdt
zdt
phpMyAdmin 4.8 - Cross-Site Request Forgery Vulnerability
2019-06-11 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-06-05 11:43:53
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2017-01-11 00:00:00
exploitpack
exploitpack
phpMyAdmin 4.8 - Cross-Site Request Forgery
2019-06-11 00:00:00
nuclei
nuclei
phpMyAdmin <4.9.0 - Cross-Site Request Forgery
2021-07-16 17:57:01
checkpoint_advisories
checkpoint_advisories
phpMyAdmin Cross-Site Request Forgery (CVE-2019-12616)
2019-06-19 00:00:00
packetstorm
packetstorm
phpMyAdmin 4.8 Cross Site Request Forgery
2019-06-11 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.0.1-1.fc29
2019-06-14 02:17:13
[SECURITY] Fedora 30 Update: phpMyAdmin-4.9.0.1-1.fc30
2019-06-14 00:55:17
[SECURITY] Fedora 30 Update: php-phpmyadmin-sql-parser-4.3.2-1.fc30
2019-06-14 00:55:18
exploitdb
exploitdb
phpMyAdmin 4.8 - Cross-Site Request Forgery
2019-06-11 00:00:00
hackerone
hackerone
QIWI: gifts.flocktory.com/phpmyadmin is vulnerable csrf
2021-02-28 10:10:41
typo3
typo3
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
2019-06-25 00:00:00
ubuntu
ubuntu
phpMyAdmin vulnerabilities
2021-03-16 00:00:00
phpMyAdmin vulnerabilities
2020-11-19 00:00:00
JSON
Related for DEBIAN_DLA-1821.NASL
osv11debian3openvas20nessus17mageia3freebsd3suse3alpinelinux17prion21phpmyadmin17debiancve17ubuntucve17cve21github7zdt1veracode1gentoo1exploitpack1nuclei1checkpoint_advisories1packetstorm1fedora4exploitdb1hackerone1typo31ubuntu2