phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)

Medium Nessus Network Monitor Plugin ID 9115

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

Versions of phpMyAdmin 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, and 4.5.x prior to 4.5.4 are unpatched for the following vulnerabilities :

- A security bypass vulnerability exists due to the use of the 'Math.random()' JavaScript function which does not provide cryptographically secure random numbers. A remote attacker can exploit this to guess passwords via a brute-force attack. (CVE-2016-1927)
- An information disclosure vulnerability exists in multiple scripts that allows a remote attacker, via a specially crafted request, to disclose the software's installation path. (CVE-2016-2038)
- A security bypass vulnerability exists due to generating XSRF tokens with cryptographically insecure values. A remote attacker can exploit this to bypass intended access restrictions by predicting a value. (CVE-2016-2039)
- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input to the home, database search, and zoom search pages. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2040)
- A security bypass vulnerability exists due to a failure to use a constant-time algorithm for comparing XSRF tokens. A remote attacker can exploit this, via a timing attack, to bypass intended access restrictions. (CVE-2016-2041)

Solution

Upgrade to phpMyAdmin 4.0.10.13 / 4.4.15.3 / 4.5.4 or later. Alternatively, apply the patch referenced in the vendor advisory.

See Also

https://www.phpmyadmin.net/security

https://www.phpmyadmin.net/security/PMASA-2016-1

https://www.phpmyadmin.net/security/PMASA-2016-2

https://www.phpmyadmin.net/security/PMASA-2016-3

https://www.phpmyadmin.net/security/PMASA-2016-4

https://www.phpmyadmin.net/security/PMASA-2016-5

Plugin Details

Severity: Medium

ID: 9115

Family: CGI

Published: 2016/03/02

Modified: 2016/03/02

Dependencies: 9102

Nessus ID: 88985

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 4.2

Temporal Score: 4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Patch Publication Date: 2016/01/23

Vulnerability Publication Date: 2016/01/23

Reference Information

CVE: CVE-2016-2039, CVE-2016-2038, CVE-2016-2040, CVE-2016-2041, CVE-2016-1927

BID: 81210, 82075, 82076, 82077, 82084