Detections
Analytics
FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)
high Nessus Plugin ID 55502
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
The phpMyAdmin development team reports :It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks.
An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can modify this key by modifying the SESSION superglobal array. This allows the attacker to close the comment and inject code.
Through a possible bug in PHP running on Windows systems a NULL byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the preg_replace function to execute its second argument as PHP code.
Fixed filtering of a file path in the MIME-type transformation code, which allowed for directory traversal.
Solution
Update the affected package.See Also
https://www.phpmyadmin.net/security/PMASA-2011-5/
https://www.phpmyadmin.net/security/PMASA-2011-6/
https://www.phpmyadmin.net/security/PMASA-2011-7/
Plugin Details
Severity: High
ID: 55502
File Name: freebsd_pkg_7e4e5c53a56c11e0b18000216aa06fc2.nasl
Version: 1.14
Type: local
Family: FreeBSD Local Security Checks
Published: 7/5/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/3/2011
Vulnerability Publication Date: 7/2/2011
Exploitable With
Elliot (Phpmyadmin 3.x RCE)
Reference Information
CVE: CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508