Fedora Local Security Checks : Fedora Core 8 FEDORA-2008-6810 (phpMyAdmin)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.61348

Category: Fedora Local Security Checks

Title: Fedora Core 8 FEDORA-2008-6810 (phpMyAdmin)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to phpMyAdmin
announced via advisory FEDORA-2008-6810.

phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges,export data into various formats and
is available in 50 languages

Update Information:

This update solves PMASA-2008-6 (phpMyAdmin security announcement) from
2008-07-28: Cross-site Framing
XSS in setup.php
see
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6 -
[interface] Table list pagination in navi - [profiling] Profiling causes query
to be executed again (really causes a problem in case of INSERT/UPDATE) -
[import] SQL file import very slow on Windows - [XHTML] problem with tabindex
and radio fields - [interface] tabindex not set correctly - [views] VIEW name
created via the GUI was not protected with backquotes - [interface] Deleting
multiple views (space in name) - [parser] SQL parser removes essential space -
[export] CSV for MS Excel incorrect escaping of double quotes - [interface]
Font size option problem when no config file - [relation] Relationship view
should check for changes - [history] Do not save too big queries in history -
[security] Do not show version info on login screen - [import] Potential data
loss on import resubmit - [export] Safari and timedate - [import, export]
Import/Export fails because of Mac files - [security] protection against cross-
frame scripting and new directive AllowThirdPartyFraming - [security] possible
XSS during setup - [interface] revert language changing problem introduced with
2.11.7.1 phpMyAdmin 2.11.8.1 is a bugfix-only version containing normal bug
fixes and two security fixes. This version is identical to 2.11.8, except it
includes a fix for a notice about lang.

ChangeLog:

* Mon Jul 28 2008 Robert Scheck 2.11.8.1-1
- Upstream released 2.11.8.1 (#456637, #456950)
* Mon Jul 28 2008 Robert Scheck 2.11.8-1
- Upstream released 2.11.8 (#456637)
* Tue Jul 15 2008 Robert Scheck 2.11.7.1-1
- Upstream released 2.11.7.1 (#455520)

References:

[ 1 ] Bug #456637 - phpMyAdmin: Cross-frame scripting and possible XSS during setup
https://bugzilla.redhat.com/show_bug.cgi?id=456637

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update phpMyAdmin' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-6810

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0095
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
http://osvdb.org/33257
http://securityreason.com/securityalert/2104
XForce ISS Database: phpmyadmin-darkblueorange-path-disclosure(31223)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31223

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.61348
Category:	Fedora Local Security Checks
Title:	Fedora Core 8 FEDORA-2008-6810 (phpMyAdmin)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2008-6810. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and is available in 50 languages Update Information: This update solves PMASA-2008-6 (phpMyAdmin security announcement) from 2008-07-28: Cross-site Framing XSS in setup.php see http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6 - [interface] Table list pagination in navi - [profiling] Profiling causes query to be executed again (really causes a problem in case of INSERT/UPDATE) - [import] SQL file import very slow on Windows - [XHTML] problem with tabindex and radio fields - [interface] tabindex not set correctly - [views] VIEW name created via the GUI was not protected with backquotes - [interface] Deleting multiple views (space in name) - [parser] SQL parser removes essential space - [export] CSV for MS Excel incorrect escaping of double quotes - [interface] Font size option problem when no config file - [relation] Relationship view should check for changes - [history] Do not save too big queries in history - [security] Do not show version info on login screen - [import] Potential data loss on import resubmit - [export] Safari and timedate - [import, export] Import/Export fails because of Mac files - [security] protection against cross- frame scripting and new directive AllowThirdPartyFraming - [security] possible XSS during setup - [interface] revert language changing problem introduced with 2.11.7.1 phpMyAdmin 2.11.8.1 is a bugfix-only version containing normal bug fixes and two security fixes. This version is identical to 2.11.8, except it includes a fix for a notice about lang. ChangeLog: * Mon Jul 28 2008 Robert Scheck 2.11.8.1-1 - Upstream released 2.11.8.1 (#456637, #456950) * Mon Jul 28 2008 Robert Scheck 2.11.8-1 - Upstream released 2.11.8 (#456637) * Tue Jul 15 2008 Robert Scheck 2.11.7.1-1 - Upstream released 2.11.7.1 (#455520) References: [ 1 ] Bug #456637 - phpMyAdmin: Cross-frame scripting and possible XSS during setup https://bugzilla.redhat.com/show_bug.cgi?id=456637 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update phpMyAdmin' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-6810 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0095 http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 http://osvdb.org/33257 http://securityreason.com/securityalert/2104 XForce ISS Database: phpmyadmin-darkblueorange-path-disclosure(31223) https://exchange.xforce.ibmcloud.com/vulnerabilities/31223
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com