Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.SUSE_SA_2006_004.NASL
HistoryJan 29, 2006 - 12:00 a.m.

SUSE-SA:2006:004: phpMyAdmin

2006-01-2900:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
18
JSON

The remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin).

Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079).
Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).

We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:004
#


if ( ! defined_func("bn_random") ) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if(description)
{
 script_id(20820);
 script_version("1.9");
 
 name["english"] = "SUSE-SA:2006:004: phpMyAdmin";
 
 script_name(english:name["english"]);
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin).


Stefan Esser discovered a bug in in the register_globals emulation
of phpMyAdmin that allowes to overwrite variables. An attacker could
exploit the bug to ultimately execute code (CVE-2005-4079).
Additionally several cross-site-scripting bugs were discovered
(CVE-2005-3787, CVE-2005-3665).

We have released a version update to phpMyAdmin-2.7.0-pl2 which
addresses the issues mentioned above." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/advisories/2006_04_phpmyadmin.html" );
 script_set_attribute(attribute:"risk_factor", value:"Medium" );



 script_set_attribute(attribute:"plugin_publication_date", value: "2006/01/29");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
 script_end_attributes();

 
 summary["english"] = "Check for the version of the phpMyAdmin package";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);
 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"phpMyAdmin-2.7.0pl2-1.2", release:"SUSE10.0") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"phpMyAdmin-2.7.0pl2-3", release:"SUSE9.0") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"phpMyAdmin-2.7.0pl2-1.2", release:"SUSE9.1") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"phpMyAdmin-2.7.0pl2-1.2", release:"SUSE9.2") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"phpMyAdmin-2.7.0pl2-1.2", release:"SUSE9.3") )
{
 security_warning(0);
 exit(0);
}

Related

gentoo 1
openvas 9
nessus 4
ubuntucve 3
phpmyadmin 3
debiancve 3
cve 4
seebug 1
freebsd 1
osv 1
debian 2
suse 1
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2005-12-11 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200512-03 (phpmyadmin)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200512-03 (phpmyadmin)
2008-09-24 00:00:00
FreeBSD Ports: phpMyAdmin
2008-09-04 00:00:00
nessus
nessus
GLSA-200512-03 : phpMyAdmin: Multiple vulnerabilities
2005-12-15 00:00:00
phpMyAdmin import_blacklist Variable Overwriting
2006-07-31 00:00:00
FreeBSD : phpmyadmin -- XSS vulnerabilities (59ada6e5-676a-11da-99f6-00123ffe8333)
2006-05-13 00:00:00
ubuntucve
ubuntucve
CVE-2005-3787
2005-11-24 00:00:00
CVE-2005-4079
2005-12-08 00:00:00
CVE-2005-3665
2005-12-08 00:00:00
phpmyadmin
phpmyadmin
XSS vulnerabilities
2005-11-23 00:00:00
Cross-Site Scripting, local and remote code execution vulnerabilities
2005-12-07 00:00:00
XSS vulnerabilities
2005-12-05 00:00:00
debiancve
debiancve
CVE-2005-3787
2005-11-24 01:03:00
CVE-2005-4079
2005-12-08 01:03:00
CVE-2005-3665
2005-12-08 11:03:00
cve
cve
CVE-2005-3787
2005-11-24 01:03:00
CVE-2005-4079
2005-12-08 01:03:00
CVE-2005-3665
2005-12-08 11:03:00
seebug
seebug
phpMyAdmin Import_Blacklistε˜ι‡θ¦†η›–ζΌζ΄ž
2008-10-26 00:00:00
freebsd
freebsd
phpmyadmin -- XSS vulnerabilities
2005-12-05 00:00:00
osv
osv
phpmyadmin
2006-11-09 00:00:00
debian
debian
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression
2006-11-19 12:55:33
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities
2006-11-09 18:00:21
suse
suse
remote code execution in phpMyAdmin
2006-01-26 13:53:52
JSON
Related for SUSE_SA_2006_004.NASL
gentoo1openvas9nessus4ubuntucve3phpmyadmin3debiancve3cve4seebug1freebsd1osv1debian2suse1