|
|
Family: Debian Local Security Checks --> Category: infos
[DSA1207] DSA-1207-2 phpmyadmin Vulnerability Scan
Vulnerability Scan Summary
DSA-1207-2 phpmyadmin
Detailed Explanation for this Vulnerability Test
The phpmyadmin update in DSA 1207 introduced a regression. This update
corrects this flaw. For completeness, please find below the original
advisory text:
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CRLF injection vulnerability allows remote attackers to conduct
HTTP response splitting attacks.
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST
variable and (2) various scripts in the libraries directory that
handle header generation.
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via scripts in the
themes directory.
A cross-site scripting (XSS) vulnerability allows remote attackers
to inject arbitrary web script or HTML via the db parameter of
footer.inc.php.
A remote attacker could overwrite internal variables through the
_FILES global variable.
For the stable distribution (sarge) these problems have been fixed in
version 2.6.2-3sarge3.
For the upcoming stable release (etch) and unstable distribution (sid)
these problems have been fixed in version 2.9.0.3-1.
We recommend that you upgrade your phpmyadmin package.
Solution : http://www.debian.org/security/2006/dsa-1207
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
