GLSA-201707-03 : phpMyAdmin: Security bypass

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201707-03
(phpMyAdmin: Security bypass)

A vulnerability was discovered where the restrictions caused by
“$cfg[‘Servers’][$i][‘AllowNoPassword’] = false” are bypassed
under certain PHP versions. This can lead compromised user accounts, who
have no passwords set, even if the administrator has set
“$cfg[‘Servers’][$i][‘AllowNoPassword’]” to false (which is
the default).
This behavior depends on the PHP version used (it seems PHP 5 is
affected, while PHP 7.0 is not).

Impact :

A remote attacker, who only needs to know the username, could bypass
security restrictions and access phpMyAdmin.

Workaround :

Set a password for all users.

See also :

https://www.phpmyadmin.net/security/PMASA-2017-8/
https://security.gentoo.org/glsa/201707-03

Solution :

All phpMyAdmin 4.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=dev-db/phpmyadmin-4.0.10.20:4.0.10.20'
All other phpMyAdmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-4.7.0:4.7.0'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 101334 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now