 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.55792 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-880-1) |
| Summary: | The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DSA-880-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'phpmyadmin' package(s) announced via the DSA-880-1 advisory. Vulnerability Insight: Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2869 Andreas Kerber and Michal Cihar discovered several cross-site scripting vulnerabilities in the error page and in the cookie login. CVE-2005-3300 Stefan Esser discovered missing safety checks in grab_globals.php that could allow an attacker to induce phpmyadmin to include an arbitrary local file. CVE-2005-3301 Tobias Klein discovered several cross-site scripting vulnerabilities that could allow attackers to inject arbitrary HTML or client-side scripting. The version in the old stable distribution (woody) has probably its own flaws and is not easily fixable without a full audit and patch session. The easier way is to upgrade it from woody to sarge. For the stable distribution (sarge) these problems have been fixed in version 2.6.2-3sarge1. For the unstable distribution (sid) these problems have been fixed in version 2.6.4-pl3-1. We recommend that you upgrade your phpmyadmin package. Affected Software/OS: 'phpmyadmin' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-2869 Debian Security Information: DSA-880 (Google Search) http://www.debian.org/security/2005/dsa-880 http://secunia.com/advisories/16605 http://secunia.com/advisories/17337 http://secunia.com/advisories/17559 http://secunia.com/advisories/17607 SuSE Security Announcement: SUSE-SA:2005:066 (Google Search) http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html SuSE Security Announcement: SUSE-SR:2005:026 (Google Search) SuSE Security Announcement: SUSE-SR:2005:028 (Google Search) http://www.novell.com/linux/security/advisories/2005_28_sr.html Common Vulnerability Exposure (CVE) ID: CVE-2005-3300 BugTraq ID: 15169 http://www.securityfocus.com/bid/15169 Bugtraq: 20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=113017591414699&w=2 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0478. http://www.gentoo.org/security/en/glsa/glsa-200510-21.xml http://www.hardened-php.net/advisory_162005.73.html http://securitytracker.com/id?1015091 http://secunia.com/advisories/17289/ XForce ISS Database: phpmyadmin-multiple-scripts-file-include(22835) https://exchange.xforce.ibmcloud.com/vulnerabilities/22835 Common Vulnerability Exposure (CVE) ID: CVE-2005-3301 BugTraq ID: 15196 http://www.securityfocus.com/bid/15196 http://www.vupen.com/english/advisories/2005/2179 Common Vulnerability Exposure (CVE) ID: CVE-2005-3787 BugTraq ID: 16389 http://www.securityfocus.com/bid/16389 http://secunia.com/advisories/17578 http://secunia.com/advisories/18618 SuSE Security Announcement: SUSE-SA:2006:004 (Google Search) http://www.securityfocus.com/archive/1/423142/100/0/threaded |
| Copyright | Copyright (C) 2008 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |