Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-735.NASL
HistoryDec 06, 2014 - 12:00 a.m.

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1561-1)

2014-12-0600:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

phpMyAdmin was updated to fix four security issues.

For openSUSE 12.3 and 13.1, phpMyAdmin was updated to 4.1.14.7. For openSUSE 13.2, phpMyAdmin was updated to to 4.2.12.

These security issues were fixed :

  • XSS vulnerability in error reporting functionality (CVE-2014-8960).

  • Local file inclusion vulnerability (CVE-2014-8959).

  • Multiple XSS vulnerabilities (CVE-2014-8958).

  • Leakage of line count of an arbitrary file (CVE-2014-8961).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-735.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79753);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-8958", "CVE-2014-8959", "CVE-2014-8960", "CVE-2014-8961");

  script_name(english:"openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1561-1)");
  script_summary(english:"Check for the openSUSE-2014-735 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"phpMyAdmin was updated to fix four security issues.

For openSUSE 12.3 and 13.1, phpMyAdmin was updated to 4.1.14.7. For
openSUSE 13.2, phpMyAdmin was updated to to 4.2.12.

These security issues were fixed :

  - XSS vulnerability in error reporting functionality
    (CVE-2014-8960).

  - Local file inclusion vulnerability (CVE-2014-8959).

  - Multiple XSS vulnerabilities (CVE-2014-8958).

  - Leakage of line count of an arbitrary file
    (CVE-2014-8961)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906485"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906486"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906487"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected phpMyAdmin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:phpMyAdmin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);



flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"phpMyAdmin-4.1.14.7-1.32.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"phpMyAdmin-4.1.14.7-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"phpMyAdmin-4.2.12-4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin");
}
VendorProductVersionCPE
novellopensusephpmyadminp-cpe:/a:novell:opensuse:phpmyadmin
novellopensuse12.3cpe:/o:novell:opensuse:12.3
novellopensuse13.1cpe:/o:novell:opensuse:13.1
novellopensuse13.2cpe:/o:novell:opensuse:13.2

Related

openvas 12
nessus 9
fedora 3
securityvulns 2
mageia 1
freebsd 1
gentoo 1
typo3 1
cve 4
phpmyadmin 4
ubuntucve 4
prion 4
debiancve 4
seebug 1
osv 2
debian 2
openvas
openvas
Fedora Update for phpMyAdmin FEDORA-2014-15535
2014-12-02 00:00:00
Fedora Update for phpMyAdmin FEDORA-2014-15538
2014-12-02 00:00:00
Mageia: Security Advisory (MGASA-2014-0495)
2022-01-28 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:228)
2014-11-27 00:00:00
phpMyAdmin 4.0.x < 4.0.10.6 / 4.1.x < 4.1.14.7 / 4.2.x < 4.2.12 Multiple Vulnerabilities (PMASA-2014-13 - PMASA-2014-16)
2014-11-27 00:00:00
Fedora 21 : phpMyAdmin-4.2.12-1.fc21 (2014-15588)
2014-12-07 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.12-1.fc19
2014-12-01 18:58:07
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.12-1.fc20
2014-12-01 18:55:52
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.12-1.fc21
2014-12-06 10:15:11
securityvulns
securityvulns
[ MDVSA-2014:228 ] phpmyadmin
2014-12-01 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-12-01 00:00:00
mageia
mageia
Updated phpmyadmin packages fix security vulnerabilities
2014-11-26 20:29:06
freebsd
freebsd
phpMyAdmin -- XSS and information disclosure vulnerabilities
2014-11-20 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2015-05-31 00:00:00
typo3
typo3
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
2014-12-08 00:00:00
cve
cve
CVE-2014-8960
2014-11-30 11:59:00
CVE-2014-8961
2014-11-30 11:59:00
CVE-2014-8958
2014-11-30 11:59:00
phpmyadmin
phpmyadmin
XSS vulnerability in error reporting functionality.
2014-11-20 00:00:00
Leakage of line count of an arbitrary file.
2014-11-20 00:00:00
Local file inclusion vulnerability.
2014-11-20 00:00:00
ubuntucve
ubuntucve
CVE-2014-8961
2014-11-30 00:00:00
CVE-2014-8960
2014-11-30 00:00:00
CVE-2014-8959
2014-11-30 00:00:00
prion
prion
Directory traversal
2014-11-30 11:59:00
Cross site scripting
2014-11-30 11:59:00
Cross site scripting
2014-11-30 11:59:00
debiancve
debiancve
CVE-2014-8961
2014-11-30 11:59:00
CVE-2014-8959
2014-11-30 11:59:00
CVE-2014-8960
2014-11-30 11:59:00
seebug
seebug
phpMyAdmin 4.2.12 /gis_data_editor.php ๆœฌๅœฐๆ–‡ไปถๅŒ…ๅซๆผๆดž
2015-05-13 00:00:00
osv
osv
phpmyadmin - security update
2015-10-28 00:00:00
phpmyadmin - security update
2015-10-28 00:00:00
debian
debian
[SECURITY] [DLA 336-1] phpmyadmin security update
2015-10-28 19:55:06
[SECURITY] [DSA 3382-1] phpmyadmin security update
2015-10-28 19:52:25
JSON
Related for OPENSUSE-2014-735.NASL
openvas12nessus9fedora3securityvulns2mageia1freebsd1gentoo1typo31cve4phpmyadmin4ubuntucve4prion4debiancve4seebug1osv2debian2