Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:160)

Medium Nessus Plugin ID 66313


The remote Mandriva Linux host is missing a security update.


Updated phpmyadmin package fixes security vulnerabilities :

In some PHP versions, the preg_replace\(\) function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument passed to preg_replace\(\) when using the Replace table prefix feature, opening the way to this vulnerability (CVE-2013-3238).

phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either via a crafted filename template or a crafted table name, to save a double extension file like foobar.php.sql. In turn, an Apache webserver on which there is no definition for the MIME type sql (the default) will treat this saved file as a .php script, leading to remote code execution (CVE-2013-3239).


Update the affected phpmyadmin package.

Plugin Details

Severity: Medium

ID: 66313

File Name: mandriva_MDVSA-2013-160.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2013/05/04

Modified: 2013/11/25

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6

Temporal Score: 5.2

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:phpmyadmin, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/03

Exploitable With

Core Impact

Metasploit (phpMyAdmin Authenticated Remote Code Execution via preg_replace())

Reference Information

CVE: CVE-2013-3238, CVE-2013-3239

BID: 59460, 59465

MDVSA: 2013:160

MGASA: 2013-0133