Synopsis
The remote Mandriva Linux host is missing a security update.
Description
Updated phpmyadmin package fixes security vulnerabilities :
In some PHP versions, the preg_replace\(\) function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument passed to preg_replace\(\) when using the Replace table prefix feature, opening the way to this vulnerability (CVE-2013-3238).
phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either via a crafted filename template or a crafted table name, to save a double extension file like foobar.php.sql. In turn, an Apache webserver on which there is no definition for the MIME type sql (the default) will treat this saved file as a .php script, leading to remote code execution (CVE-2013-3239).
Solution
Update the affected phpmyadmin package.
Plugin Details
File Name: mandriva_MDVSA-2013-160.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:phpmyadmin, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 5/3/2013
Exploitable With
Core Impact
Metasploit (phpMyAdmin Authenticated Remote Code Execution via preg_replace())