SNS Vulnerability

phpMyAdmin Multiple Vulnerabilities Fixed by 5.1.5

Description

(#Several vulnerabilities were reported in phpMyAdmin:#- CVE-2016-1927: insecure password generation in password suggestion functionality. This vulnerability is due to use of "Math.random()" function which does not provide cryptographically secure random numbers##- CVE-2016-2038 and CVE-2016-2042: multiple installation full path disclosure##- CVE-2016-2039: insecure XSRF/CSRF token due to a weak algorithm##- CVE-2016-2040: multiple cross-site scripting##- CVE-2016-2041: timing attack in the comparison of the XSRF/CSRF token parameter with the value saved in the session##- CVE-2016-2043: cross-site scripting in the table name of the database normalization page##- CVE-2016-2044: multiple installation full path disclosure in the SQL parser##- CVE-2016-2045: cross-site scripting in the SQL editor.##The phpmyadmin packages provided by Debian Wheezy 7 and Jessie 8 are vulnerable.##The phpmyadmin packages provided by Debian Squeeze 6 are vulnerable (CVE-2016-1927, CVE-2016-2038, CVE-2016-2040).)

Vulnerable Products

Vulnerable OS:
Fedora (Red Hat) - 22, 23FreeBSD (FreeBSD) - AllGNU/Linux (Debian) - 6, 7, 8openSUSE (SUSE) - 13.1, 13.2, Leap 42.1Vulnerable Software:
PhpMyAdmin (PhpMyAdmin) - 4.0, 4.0.0-rc1, 4.0.0-rc2, 4.0.0-rc3, 4.0.1, ..., 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4Typo3 (Typo3) -

Solution

Fixed phpmyadmin packages for Debian Jessie 8 are available (CVE-2016-1927, CVE-2016-2039, CVE-2016-2040, CVE-2016-2041).

CVE

CVE-2016-2045
CVE-2016-2044
CVE-2016-2043
CVE-2016-2042
CVE-2016-2041
CVE-2016-2040
CVE-2016-2039
CVE-2016-2038
CVE-2016-1927

References

- phpMyAdmin : Multiple full path disclosure vulnerabilities
https://www.phpmyadmin.net/security/PMASA-2016-1/
- phpMyAdmin : Unsafe generation of XSRF/CSRF token
https://www.phpmyadmin.net/security/PMASA-2016-2/
- phpMyAdmin : Multiple XSS vulnerabilities
https://www.phpmyadmin.net/security/PMASA-2016-3/
- phpMyAdmin : Insecure password generation in JavaScript
https://www.phpmyadmin.net/security/PMASA-2016-4/
- phpMyAdmin : Unsafe comparison of XSRF/CSRF token
https://www.phpmyadmin.net/security/PMASA-2016-5/
- phpMyAdmin : Multiple full path disclosure vulnerabilities
https://www.phpmyadmin.net/security/PMASA-2016-6/
- phpMyAdmin : XSS vulnerability in normalization page
https://www.phpmyadmin.net/security/PMASA-2016-7/
- phpMyAdmin : Full path disclosure vulnerability in SQL parser
https://www.phpmyadmin.net/security/PMASA-2016-8/
- phpMyAdmin : XSS vulnerability in SQL editor
https://www.phpmyadmin.net/security/PMASA-2016-9/
- Debian Security Tracker : phpmyadmin
https://security-tracker.debian.org/tracker/CVE-2016-1927
https://security-tracker.debian.org/tracker/CVE-2016-2038
https://security-tracker.debian.org/tracker/CVE-2016-2039
https://security-tracker.debian.org/tracker/CVE-2016-2040
https://security-tracker.debian.org/tracker/CVE-2016-2041
https://security-tracker.debian.org/tracker/CVE-2016-2042
https://security-tracker.debian.org/tracker/CVE-2016-2043
https://security-tracker.debian.org/tracker/CVE-2016-2044
https://security-tracker.debian.org/tracker/CVE-2016-2045
- VuXML : phpmyadmin -- Unsafe generation of XSRF/CSRF token
http://www.vuxml.org/freebsd/60ab0e93-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- Unsafe comparison of XSRF/CSRF token
http://www.vuxml.org/freebsd/71b24d99-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- XSS vulnerability in normalization page
http://www.vuxml.org/freebsd/7694927f-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- XSS vulnerability in SQL editor
http://www.vuxml.org/freebsd/7a59e283-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- Multiple XSS vulnerabilities
http://www.vuxml.org/freebsd/6cc06eec-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- Full path disclosure vulnerability in SQL parser
http://www.vuxml.org/freebsd/78b4ebfb-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- Insecure password generation in JavaScript
http://www.vuxml.org/freebsd/6f0c2d1b-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- Multiple full path disclosure vulnerabilities
http://www.vuxml.org/freebsd/5d6a204f-c60b-11e5-bf36-6805ca0b3d42.html
- VuXML : phpmyadmin -- Multiple full path disclosure vulnerabilities
http://www.vuxml.org/freebsd/740badcb-c60b-11e5-bf36-6805ca0b3d42.html
- DLA 406-1 : phpmyadmin security update
https://lists.debian.org/debian-lts-announce/2016/01/msg00031.html
- FEDORA : Fedora 22 Update: phpMyAdmin-4.5.4-1.fc22
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
- FEDORA : Fedora 23 Update: phpMyAdmin-4.5.4.1-1.fc23
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
- openSUSE-SU-2016:0357-1: Security update for phpMyAdmin
http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
- openSUSE-SU-2016:0378-1: Security update to phpMyAdmin 4.4.15.4
http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
- TYPO3 : Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-007/
- DLA 481-1 : phpmyadmin security update
https://lists.debian.org/debian-lts-announce/2016/05/msg00033.html
- DLA 481-2 : phpmyadmin regression update
https://lists.debian.org/debian-lts-announce/2016/05/msg00048.html
- DSA 3627-1 : phpmyadmin security update
https://lists.debian.org/debian-security-announce/2016/msg00205.html

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	5.0.0
XSS - Prevention - POST : javascript code found in data	5.0.0
XSS - Prevention - POST : suspicious tag with event found in data	5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	5.0.0
XSS - Prevention - POST : 'location' javascript object found in data	5.0.0
XSS - Prevention - POST : code allowing cookie access found in data	5.0.0
XSS - Prevention - POST : 'script' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	5.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2016-01-23

Target Type

Client

Possible exploit

Remote