FreeBSD : phpMyAdmin -- XSS and information disclosure vulnerabilities (a5d4a82a-7153-11e4-88c7-6805ca0b3d42)

medium Nessus Plugin ID 79402

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The phpMyAdmin development team reports :

- With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page.

- With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages.

- With a crafted value for font size it is possible to trigger an XSS attack in the home page.

These vulnerabilities can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages. Moreover, exploitation of the XSS vulnerability related to the font size requires forgery of the pma_fontsize cookie.

In the GIS editor feature, a parameter specifying the geometry type was not correcly validated, opening the door to a local file inclusion attack.

This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required page.

With a crafted file name it is possible to trigger an XSS in the error reporting page.

This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required page.

In the error reporting feature, a parameter specifying the file was not correctly validated, allowing the attacker to derive the line count of an arbitrary file

This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required page.

Solution

Update the affected package.

See Also

https://www.phpmyadmin.net/security/PMASA-2014-13/

https://www.phpmyadmin.net/security/PMASA-2014-14/

https://www.phpmyadmin.net/security/PMASA-2014-15/

https://www.phpmyadmin.net/security/PMASA-2014-16/

http://www.nessus.org/u?0db4922a

Plugin Details

Severity: Medium

ID: 79402

File Name: freebsd_pkg_a5d4a82a715311e488c76805ca0b3d42.nasl

Version: 1.6

Type: local

Published: 11/24/2014

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpMyAdmin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/21/2014

Vulnerability Publication Date: 11/20/2014

Reference Information

CVE: CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961