FreeBSD : phpMyAdmin -- XSS and information disclosure vulnerabilities (a5d4a82a-7153-11e4-88c7-6805ca0b3d42)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

- With a crafted database, table or column name it is possible to
trigger an XSS attack in the table browse page.

- With a crafted ENUM value it is possible to trigger XSS attacks in
the table print view and zoom search pages.

- With a crafted value for font size it is possible to trigger an XSS
attack in the home page.

These vulnerabilities can be triggered only by someone who is logged
in to phpMyAdmin, as the usual token protection prevents non-logged-in
users from accessing the required pages. Moreover, exploitation of the
XSS vulnerability related to the font size requires forgery of the
pma_fontsize cookie.

In the GIS editor feature, a parameter specifying the geometry type
was not correcly validated, opening the door to a local file inclusion
attack.

This vulnerability can be triggered only by someone who is logged in
to phpMyAdmin, as the usual token protection prevents non-logged-in
users from accessing the required page.

With a crafted file name it is possible to trigger an XSS in the error
reporting page.

This vulnerability can be triggered only by someone who is logged in
to phpMyAdmin, as the usual token protection prevents non-logged-in
users from accessing the required page.

In the error reporting feature, a parameter specifying the file was
not correctly validated, allowing the attacker to derive the line
count of an arbitrary file

This vulnerability can be triggered only by someone who is logged in
to phpMyAdmin, as the usual token protection prevents non-logged-in
users from accessing the required page.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
http://www.nessus.org/u?bed40809

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 79402 ()

Bugtraq ID:

CVE ID: CVE-2014-8958
CVE-2014-8959
CVE-2014-8960
CVE-2014-8961

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now