SUSE-SA:2006:004: phpMyAdmin

This script is Copyright (C) 2006-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin).


Stefan Esser discovered a bug in in the register_globals emulation
of phpMyAdmin that allowes to overwrite variables. An attacker could
exploit the bug to ultimately execute code (CVE-2005-4079).
Additionally several cross-site-scripting bugs were discovered
(CVE-2005-3787, CVE-2005-3665).

We have released a version update to phpMyAdmin-2.7.0-pl2 which
addresses the issues mentioned above.

Solution :

http://www.suse.de/security/advisories/2006_04_phpmyadmin.html

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 20820 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now