FreeBSD : phpmyadmin -- multiple vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

It was possible to manipulate the PHP session superglobal using some
of the Swekey authentication code. This could open a path for other
attacks.

An unsanitized key from the Servers array is written in a comment of
the generated config. An attacker can modify this key by modifying the
SESSION superglobal array. This allows the attacker to close the
comment and inject code.

Through a possible bug in PHP running on Windows systems a NULL byte
can truncate the pattern string allowing an attacker to inject the /e
modifier causing the preg_replace function to execute its second
argument as PHP code.

Fixed filtering of a file path in the MIME-type transformation code,
which allowed for directory traversal.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
http://www.nessus.org/u?7a5cb956

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 55502 ()

Bugtraq ID:

CVE ID: CVE-2011-2505
CVE-2011-2506
CVE-2011-2507
CVE-2011-2508

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now