phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)

Medium Nessus Plugin ID 88985

Synopsis

The remote web server hosts a PHP application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, or 4.5.x prior to 4.5.4. It is, therefore, affected by the following vulnerabilities :

- A security bypass vulnerability exists due to the use of the Math.random() JavaScript function which does not provide cryptographically secure random numbers. A remote attacker can exploit this to guess passwords via a brute-force attack. (CVE-2016-1927)

- An information disclosure vulnerability exists in multiple scripts that allows a remote attacker, via a specially crafted request, to disclose the software's installation path. (CVE-2016-2038)

- A security bypass vulnerability exists due to generating XSRF tokens with cryptographically insecure values. A remote attacker can exploit this to bypass intended access restrictions by predicting a value.
(CVE-2016-2039)

- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input to the home, database search, and zoom search pages. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2040)

- A security bypass vulnerability exists due to a failure to use a constant-time algorithm for comparing XSRF tokens. A remote attacker can exploit this, via a timing attack, to bypass intended access restrictions.
(CVE-2016-2041)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to phpMyAdmin version 4.0.10.13 / 4.4.15.3 / 4.5.4 or later.
Alternatively, apply the patch referenced in the vendor advisory.

See Also

https://www.phpmyadmin.net/security/PMASA-2016-1/

https://www.phpmyadmin.net/security/PMASA-2016-2/

https://www.phpmyadmin.net/security/PMASA-2016-3/

https://www.phpmyadmin.net/security/PMASA-2016-4/

https://www.phpmyadmin.net/security/PMASA-2016-5/

Plugin Details

Severity: Medium

ID: 88985

File Name: phpmyadmin_pmasa_2016_5.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2016/02/26

Updated: 2019/11/20

Dependencies: 17219

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2016-2041

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Required KB Items: www/PHP, installed_sw/phpMyAdmin, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2015/01/23

Vulnerability Publication Date: 2015/01/23

Reference Information

CVE: CVE-2016-1927, CVE-2016-2038, CVE-2016-2039, CVE-2016-2040, CVE-2016-2041

BID: 81210, 82075, 82076, 82077, 82084