GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201201-01
(phpMyAdmin: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in phpMyAdmin. Please
review the CVE identifiers and phpMyAdmin Security Advisories referenced
below for details.

Impact :

Remote attackers might be able to insert and execute PHP code, include
and execute local PHP files, or perform Cross-Site Scripting (XSS)
attacks via various vectors.

Workaround :

There is no known workaround at this time.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php
http://www.gentoo.org/security/en/glsa/glsa-201201-01.xml

Solution :

All phpMyAdmin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-3.4.9'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true