openSUSE Security Update : phpMyAdmin (openSUSE-2016-1021)

critical Nessus Plugin ID 93212

Synopsis

The remote openSUSE host is missing a security update.

Description

phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the following issues :

- Upstream changelog for 4.4.15.8 :

- Improve session cookie code for openid.php and signon.php example files

- Full path disclosure in openid.php and signon.php example files

- Unsafe generation of BlowfishSecret (when not supplied by the user)

- Referrer leak when phpinfo is enabled

- Use HTTPS for wiki links

- Improve SSL certificate handling

- Fix full path disclosure in debugging code

- Administrators could trigger SQL injection attack against users

- other fixes

- Remove Swekey support

- Security fixes: https://www.phpmyadmin.net/security/

- Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606, CWE-661)

- Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661)

- Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661)

- PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661)

- Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661)

- SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661)

- Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35 (CVE-2016-6612, CWE-661)

- Local file exposure through symlinks with UploadDir see PMASA-2016-36 (CVE-2016-6613, CWE-661)

- Path traversal with SaveDir and UploadDir see PMASA-2016-37 (CVE-2016-6614, CWE-661)

- Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661)

- SQL injection vulnerability as control user see PMASA-2016-39 (CVE-2016-6616, CWE-661)

- SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661)

- Denial-of-service attack through transformation feature see PMASA-2016-41 (CVE-2016-6618, CWE-661)

- SQL injection vulnerability as control user see PMASA-2016-42 (CVE-2016-6619, CWE-661)

- Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620, CWE-661)

- SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661)

- Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)

- Denial-of-service attack by using for loops see PMASA-2016-46 (CVE-2016-6623, CWE-661)

- Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661)

- Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661)

- Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626, CWE-661)

- Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)

- Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661)

- ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661)

- Denial-of-service attack by entering long password see PMASA-2016-53 (CVE-2016-6630, CWE-661)

- Remote code execution vulnerability when running as CGI see PMASA-2016-54 (CVE-2016-6631, CWE-661)

- Denial-of-service attack when PHP uses dbase extension see PMASA-2016-55 (CVE-2016-6632, CWE-661)

- Remove tode execution vulnerability when PHP uses dbase extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)

Solution

Update the affected phpMyAdmin package.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=994313

https://www.phpmyadmin.net/security/

Plugin Details

Severity: Critical

ID: 93212

File Name: openSUSE-2016-1021.nasl

Version: 2.7

Type: local

Agent: unix

Published: 8/30/2016

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:phpmyadmin, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 8/29/2016

Reference Information

CVE: CVE-2016-6606, CVE-2016-6607, CVE-2016-6608, CVE-2016-6609, CVE-2016-6610, CVE-2016-6611, CVE-2016-6612, CVE-2016-6613, CVE-2016-6614, CVE-2016-6615, CVE-2016-6616, CVE-2016-6617, CVE-2016-6618, CVE-2016-6619, CVE-2016-6620, CVE-2016-6621, CVE-2016-6622, CVE-2016-6623, CVE-2016-6624, CVE-2016-6625, CVE-2016-6626, CVE-2016-6627, CVE-2016-6628, CVE-2016-6629, CVE-2016-6630, CVE-2016-6631, CVE-2016-6632, CVE-2016-6633