Fedora 9 : phpMyAdmin-2.11.8.1-1.fc9 (2008-6868)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

This update solves PMASA-2008-6 (phpMyAdmin security announcement)
from 2008-07-28: Cross-site Framing; XSS in setup.php; see
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6 -
[interface] Table list pagination in navi - [profiling] Profiling
causes query to be executed again (really causes a problem in case of
INSERT/UPDATE) - [import] SQL file import very slow on Windows -
[XHTML] problem with tabindex and radio fields - [interface] tabindex
not set correctly - [views] VIEW name created via the GUI was not
protected with backquotes - [interface] Deleting multiple views (space
in name) - [parser] SQL parser removes essential space - [export] CSV
for MS Excel incorrect escaping of double quotes - [interface] Font
size option problem when no config file - [relation] Relationship view
should check for changes - [history] Do not save too big queries in
history - [security] Do not show version info on login screen -
[import] Potential data loss on import resubmit - [export] Safari and
timedate - [import, export] Import/Export fails because of Mac files -
[security] protection against cross- frame scripting and new directive
AllowThirdPartyFraming - [security] possible XSS during setup -
[interface] revert language changing problem introduced with 2.11.7.1
phpMyAdmin 2.11.8.1 is a bugfix-only version containing normal bug
fixes and two security fixes. This version is identical to 2.11.8,
except it includes a fix for a notice about 'lang'.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
https://bugzilla.redhat.com/show_bug.cgi?id=456637
http://www.nessus.org/u?dff8dd45

Solution :

Update the affected phpMyAdmin package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 33769 (fedora_2008-6868.nasl)

Bugtraq ID: 30420

CVE ID: CVE-2008-3456
CVE-2008-3457

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now