Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:163 (phpmyadmin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67915

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:163 (phpmyadmin)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to phpmyadmin
announced via advisory MDVSA-2010:163.

Multiple vulnerabilities has been found and corrected in phpmyadmin:

The setup script used to generate configuration can be fooled using
a crafted POST request to include arbitrary PHP code in generated
configuration file. Combined with the ability to save files on the
server, this can allow unauthenticated users to execute arbitrary
PHP code (CVE-2010-3055).

It was possible to conduct a XSS attack using crafted URLs or POST
parameters on several pages (CVE-2010-3056).

This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable
for these security issues.

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:163

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3055
BugTraq ID: 42591
http://www.securityfocus.com/bid/42591
Debian Security Information: DSA-2097 (Google Search)
http://www.debian.org/security/2010/dsa-2097
http://www.mandriva.com/security/advisories?name=MDVSA-2010:163
http://secunia.com/advisories/41058
http://secunia.com/advisories/41185
http://www.vupen.com/english/advisories/2010/2223
http://www.vupen.com/english/advisories/2010/2231
Common Vulnerability Exposure (CVE) ID: CVE-2010-3056
BugTraq ID: 42584
http://www.securityfocus.com/bid/42584
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:164
http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting%28XSS%29
http://secunia.com/advisories/41000

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67915
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:163 (phpmyadmin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to phpmyadmin announced via advisory MDVSA-2010:163. Multiple vulnerabilities has been found and corrected in phpmyadmin: The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code (CVE-2010-3055). It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages (CVE-2010-3056). This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable for these security issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:163 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3055 BugTraq ID: 42591 http://www.securityfocus.com/bid/42591 Debian Security Information: DSA-2097 (Google Search) http://www.debian.org/security/2010/dsa-2097 http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 http://secunia.com/advisories/41058 http://secunia.com/advisories/41185 http://www.vupen.com/english/advisories/2010/2223 http://www.vupen.com/english/advisories/2010/2231 Common Vulnerability Exposure (CVE) ID: CVE-2010-3056 BugTraq ID: 42584 http://www.securityfocus.com/bid/42584 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:164 http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting%28XSS%29 http://secunia.com/advisories/41000
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com