phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)

high Nessus Plugin ID 88985

Synopsis

The remote web server hosts a PHP application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, or 4.5.x prior to 4.5.4. It is, therefore, affected by the following vulnerabilities :

- A security bypass vulnerability exists due to the use of the Math.random() JavaScript function which does not provide cryptographically secure random numbers. A remote attacker can exploit this to guess passwords via a brute-force attack. (CVE-2016-1927)

- An information disclosure vulnerability exists in multiple scripts that allows a remote attacker, via a specially crafted request, to disclose the software's installation path. (CVE-2016-2038)

- A security bypass vulnerability exists due to generating XSRF tokens with cryptographically insecure values. A remote attacker can exploit this to bypass intended access restrictions by predicting a value.
(CVE-2016-2039)

- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input to the home, database search, and zoom search pages. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2040)

- A security bypass vulnerability exists due to a failure to use a constant-time algorithm for comparing XSRF tokens. A remote attacker can exploit this, via a timing attack, to bypass intended access restrictions.
(CVE-2016-2041)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to phpMyAdmin version 4.0.10.13 / 4.4.15.3 / 4.5.4 or later.
Alternatively, apply the patch referenced in the vendor advisory.

See Also

https://www.phpmyadmin.net/security/PMASA-2016-1/

https://www.phpmyadmin.net/security/PMASA-2016-2/

https://www.phpmyadmin.net/security/PMASA-2016-3/

https://www.phpmyadmin.net/security/PMASA-2016-4/

https://www.phpmyadmin.net/security/PMASA-2016-5/

Plugin Details

Severity: High

ID: 88985

File Name: phpmyadmin_pmasa_2016_5.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 2/26/2016

Updated: 6/4/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2016-2041

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/phpMyAdmin

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 1/23/2015

Vulnerability Publication Date: 1/23/2015

Reference Information

CVE: CVE-2016-1927, CVE-2016-2038, CVE-2016-2039, CVE-2016-2040, CVE-2016-2041

BID: 82076, 82077, 82084, 81210, 82075