SUSE-SA:2006:004: phpMyAdmin

medium Nessus Plugin ID 20820

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin).


Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079).
Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).

We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above.

Solution

http://www.suse.de/security/advisories/2006_04_phpmyadmin.html

Plugin Details

Severity: Medium

ID: 20820

File Name: suse_SA_2006_004.nasl

Version: 1.9

Agent: unix

Published: 1/29/2006

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list