Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:160)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated phpmyadmin package fixes security vulnerabilities :

In some PHP versions, the preg_replace\(\) function can be tricked
into executing arbitrary PHP code on the server. This is done by
passing a crafted argument as the regular expression, containing a
null byte. phpMyAdmin does not correctly sanitize an argument passed
to preg_replace\(\) when using the Replace table prefix feature,
opening the way to this vulnerability (CVE-2013-3238).

phpMyAdmin can be configured to save an export file on the web server,
via its SaveDir directive. With this in place, it's possible, either
via a crafted filename template or a crafted table name, to save a
double extension file like foobar.php.sql. In turn, an Apache
webserver on which there is no definition for the MIME type sql (the
default) will treat this saved file as a .php script, leading to
remote code execution (CVE-2013-3239).

Solution :

Update the affected phpmyadmin package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66313 ()

Bugtraq ID: 59460
59465

CVE ID: CVE-2013-3238
CVE-2013-3239

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now