Vulnerability Assessment & Network Security Forums
[GLSA-200407-22] phpMyAdmin: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Assessment

The remote host is affected by the vulnerability described in GLSA-200407-22 (phpMyAdmin: Multiple vulnerabilities).

Two serious vulnerabilities exist in phpMyAdmin. The first permits any user to alter the server configuration variables (including host, name, and password) by appending new settings to the array variables that hold the configuration in a GET request. The second permits users to include arbitrary PHP code to be executed within an eval() statement in table name configuration settings. This second vulnerability is only exploitable if $cfg['LeftFrameLight'] is set to FALSE.

Impact

Authenticated users can alter configuration variables for their running copy of phpMyAdmin. The impact of this should be minimal. However, the second vulnerability would permit an authenticated user to execute arbitrary PHP code with the permissions of the webserver, potentially permitting a serious Denial of Service or further remote compromise.

Workaround

The second, more serious vulnerability is only exploitable if $cfg['LeftFrameLight'] is set to FALSE. In the default Gentoo installation, this is set to TRUE. There is no known workaround for the first.

References: http://www.securityfocus.com/archive/1/367486

Solution: All phpMyAdmin users should upgrade to the latest version:

# emerge sync
# emerge -pv ">=dev-db/phpmyadmin-2.5.7_p1"
# emerge ">=dev-db/phpmyadmin-2.5.7_p1"

Network Security Threat Level: Medium
Network Security ID:
Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
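The two patterns the advisory describes, request parameters reaching a configuration array and user-controlled text inside eval(), are shown below next to hardened forms. This is an added illustration written for this page, not phpMyAdmin's own code; the function names, the $cfg keys other than LeftFrameLight, the allowlist and the request data are all assumptions constructed for the example.

```php
<?php
// Added illustration (not phpMyAdmin's code) of the two weaknesses named in
// GLSA-200407-22, each beside a hardened form. Function names and $cfg keys
// other than 'LeftFrameLight' are assumed for the example.

// ---- Pattern 1: request parameters merged into the configuration array ----

// Baseline configuration, as a config file would define it (constructed values).
function defaultConfig(): array {
    return [
        'Servers' => [1 => ['host' => 'localhost', 'user' => 'pma', 'password' => 'secret']],
        'LeftFrameLight' => true,
    ];
}

// Vulnerable: a request such as ?cfg[Servers][1][host]=db.attacker.example
// is merged into $cfg, so the client decides which server is contacted and
// with which credentials. This is the "append settings via GET" class of bug.
function vulnerableConfig(array $cfg, array $get): array {
    if (isset($get['cfg']) && is_array($get['cfg'])) {
        $cfg = array_replace_recursive($cfg, $get['cfg']);
    }
    return $cfg;
}

// Hardened: request data never touches $cfg. Only an explicit allowlist of
// per-user display settings is read, each validated against a strict pattern,
// into a separate array that is kept apart from server credentials.
function hardenedSettings(array $get): array {
    $allowed = [
        'lang'  => '/^[a-z]{2}(-[a-z]{2})?$/',
        'theme' => '/^[a-z0-9_]+$/',
    ];
    $settings = [];
    foreach ($allowed as $key => $pattern) {
        if (isset($get[$key]) && is_string($get[$key]) && preg_match($pattern, $get[$key])) {
            $settings[$key] = $get[$key];
        }
    }
    return $settings;
}

// ---- Pattern 2: user-controlled text interpreted by eval() ----

// Vulnerable: the table name is spliced into PHP source that is then evaluated.
// A table name containing a double quote ends the string literal, and whatever
// follows it runs as PHP with the webserver's permissions.
function vulnerableLabel(string $table): string {
    $code = 'return "Table: ' . $table . '";';
    return eval($code);
}

// Hardened: the label format is a plain template and the table name is
// substituted as data. No PHP source is built from the input, so there is
// nothing for a crafted name to break out of.
function hardenedLabel(string $table, string $template = 'Table: {table}'): string {
    return strtr($template, ['{table}' => $table]);
}

// Constructed request data for a stand-alone run.
$get = ['cfg' => ['Servers' => [1 => ['host' => 'db.attacker.example']]], 'lang' => 'en'];

$cfg = vulnerableConfig(defaultConfig(), $get);
echo "vulnerable host: " . $cfg['Servers'][1]['host'] . "\n";   // db.attacker.example

$cfg = defaultConfig();
$settings = hardenedSettings($get);
echo "hardened host:   " . $cfg['Servers'][1]['host'] . "\n";   // localhost
echo "user settings:   " . json_encode($settings) . "\n";       // {"lang":"en"}

echo hardenedLabel('users') . "\n";                            // Table: users
```

The hardened forms follow one rule: configuration and credentials are loaded only from the server-side config file, request input is accepted only through an allowlist with validation, and display strings are produced by substitution rather than by evaluating source text. The advisory's own mitigation for the second issue (keeping $cfg['LeftFrameLight'] set to TRUE) avoids the vulnerable code path, while the upgrade removes both issues.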