Detections
Analytics
Debian DSA-2391-1 : phpmyadmin - several vulnerabilities
medium Nessus Plugin ID 57621
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2011-4107 The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references.
- CVE-2011-1940, CVE-2011-3181 Cross site scripting was possible in the table tracking feature, allowing a remote attacker to inject arbitrary web script or HTML.
The oldstable distribution (lenny) is not affected by these problems.
Solution
Upgrade the phpmyadmin packages.For the stable distribution (squeeze), these problems have been fixed in version 4:3.3.7-7.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247
https://security-tracker.debian.org/tracker/CVE-2011-4107
https://security-tracker.debian.org/tracker/CVE-2011-1940
https://security-tracker.debian.org/tracker/CVE-2011-3181
Plugin Details
Severity: Medium
ID: 57621
File Name: debian_DSA-2391.nasl
Version: 1.10
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 1/23/2012
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:phpmyadmin, cpe:/o:debian:debian_linux:6.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/22/2012
Reference Information
CVE: CVE-2011-1940, CVE-2011-3181, CVE-2011-4107
DSA: 2391