phpMyAdmin Multiple Vulnerabilities Fixed by 4.6.3, 4.4.15.7, and 4.0.10.16


Description   Several vulnerabilities have been identified in phpMyAdmin:

- CVE-2016-5701: a remote attacker could inject BBCode against HTTP sessions via a specially crafted URI. The vulnerability is located in "setup/frames/index.inc.php".
- CVE-2016-5702: a remote attacker could conduct cookie-attribute injection attacks via a specially crafted URI. This vulnerability exists when the environment lacks a PHP_SELF value.
- CVE-2016-5703: SQL injection. A remote attacker could execute arbitrary SQL commands via a specially crafted database name. The vulnerability is located in "libraries/central_columns.lib.php".
- CVE-2016-5704: cross-site scripting in the table-structure page. A remote attacker can execute arbitrary JavaScript or HTML code by inciting a victim to follow a specially formed link.
- CVE-2016-5705: multiple cross-site scripting. A remote attacker can execute arbitrary JavaScript or HTML code by inciting a victim to follow a specially formed link. The vulnerability can be exploited via the following vectors: server-privileges certificate data fields on the user privileges page; an "invalid JSON" error message in the error console; a database name in the central columns implementation; a group name; or a search name in the bookmarks implementation.
- CVE-2016-5706: a remote attacker could cause a denial of service via a large array in the scripts parameter. The vulnerability is located in "js/get_scripts.js.php".
- CVE-2016-5730: information disclosure. A remote attacker could obtain sensitive information. The vulnerability can be exploited via the following vectors: an array value to FormDisplay.php; incorrect data to validate.php; unexpected data to Validator.php; a missing config directory during setup; an incorrect OpenID identifier data type revealing the full path in an error message.
- CVE-2016-5731: multiple cross-site scripting in "examples/openid.php". A remote attacker can execute arbitrary JavaScript or HTML code by inciting a victim to follow a specially formed link. The vulnerability can be exploited via an OpenID error message.
- CVE-2016-5732: multiple cross-site scripting in the partition-range implementation in "templates/table/structure/display_partitions.phtml". A remote attacker can execute arbitrary JavaScript or HTML code by inciting a victim to follow a specially formed link. The vulnerability can be exploited via crafted table parameters.
- CVE-2016-5733: multiple cross-site scripting. A remote attacker can execute arbitrary JavaScript or HTML code by inciting a victim to follow a specially formed link. The vulnerability can be exploited via the following vectors: a crafted table name in table_row.phtml; a crafted mysqld log_bin directive in log_selector.phtml; the Transformation implementation; AJAX error handling in js/ajax.js; the Designer implementation; the charts implementation in js/tbl_chart.js; the zoom-search implementation in rows_zoom.phtml.
- CVE-2016-5734: a remote attacker could execute arbitrary PHP code via a specially crafted string.
- CVE-2016-5739: the Transformation implementation lacks a no-referrer Content Security Policy (CSP) protection mechanism. A remote attacker could conduct CSRF attacks by reading an authentication token in a Referer header.

The phpmyadmin packages provided by Debian Wheezy 7 and Jessie 8 are vulnerable.

Updated, 30/07/2016: exploit code is available for the CVE-2016-5734 vulnerability.
     
Vulnerable Products
Vulnerable OS:
Fedora (Red Hat) - 22, 23, 24
FreeBSD (FreeBSD) - All
GNU/Linux (Debian) - 7, 8
openSUSE (SUSE) - 13.2, Leap 42.1
Vulnerable Software:
PhpMyAdmin (PhpMyAdmin) - 4.0, 4.0.1, 4.0.10, 4.0.10.1, 4.0.10.10, ..., 4.4.6.0, 4.4.6.1, 4.6.0, 4.6.1, 4.6.2
Typo3 (Typo3) -
     
Solution   Version 5.1.7 of phpMyAdmin plugin for TYPO3 fixes these vulnerabilities.
     
CVE   CVE-2016-5739
CVE-2016-5734
CVE-2016-5733
CVE-2016-5732
CVE-2016-5731
CVE-2016-5730
CVE-2016-5706
CVE-2016-5705
CVE-2016-5704
CVE-2016-5703
CVE-2016-5702
CVE-2016-5701
     
References   - phpMyAdmin : Security
https://www.phpmyadmin.net/security/PMASA-2016-16
https://www.phpmyadmin.net/security/PMASA-2016-17
https://www.phpmyadmin.net/security/PMASA-2016-18
https://www.phpmyadmin.net/security/PMASA-2016-19
https://www.phpmyadmin.net/security/PMASA-2016-20
https://www.phpmyadmin.net/security/PMASA-2016-21
https://www.phpmyadmin.net/security/PMASA-2016-22
https://www.phpmyadmin.net/security/PMASA-2016-23
https://www.phpmyadmin.net/security/PMASA-2016-24
https://www.phpmyadmin.net/security/PMASA-2016-25
https://www.phpmyadmin.net/security/PMASA-2016-27
https://www.phpmyadmin.net/security/PMASA-2016-28
- Debian Security Tracker : phpmyadmin
https://security-tracker.debian.org/tracker/CVE-2016-5701
https://security-tracker.debian.org/tracker/CVE-2016-5702
https://security-tracker.debian.org/tracker/CVE-2016-5703
https://security-tracker.debian.org/tracker/CVE-2016-5704
https://security-tracker.debian.org/tracker/CVE-2016-5705
https://security-tracker.debian.org/tracker/CVE-2016-5706
https://security-tracker.debian.org/tracker/CVE-2016-5730
https://security-tracker.debian.org/tracker/CVE-2016-5731
https://security-tracker.debian.org/tracker/CVE-2016-5732
https://security-tracker.debian.org/tracker/CVE-2016-5733
https://security-tracker.debian.org/tracker/CVE-2016-5734
https://security-tracker.debian.org/tracker/CVE-2016-5739
- openSUSE-SU-2016:1700-1 : phpMyAdmin
https://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
- VuXML : phpMyAdmin -- multiple vulnerabilities
http://www.vuxml.org/freebsd/e7028e1d-3f9b-11e6-81f9-6805ca0b3d42.html
- DLA 551-1 : phpmyadmin security update
https://lists.debian.org/debian-lts-announce/2016/07/msg00013.html
- openSUSE-SU-2016:1699-1 : Security update for phpMyAdmin
https://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
- FEDORA-2016-56ee5cb8b6 : Fedora 22 Update: phpMyAdmin-4.6.3-1.fc22
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGXG2DY7K3ROTZS4J4MSJ544UQG3FRC3/
- FEDORA-2016-9df3915036 : Fedora 23 Update: phpMyAdmin-4.6.3-1.fc23
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Z2FFVPPDOHVJ4K4LDVUHUNCMQ6SGVCJ/
- FEDORA-2016-81c2dabf20 : Fedora 24 Update: phpMyAdmin-4.6.3-1.fc24
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2WPA5BHQATXRSE6L3ABAMFKBKSEUWGH/
- DSA 3627-1 : phpmyadmin security update
https://lists.debian.org/debian-security-announce/2016/msg00205.html
- TYPO3-EXT-SA-2016-025: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-025/
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-06-23

Target Type   Server

Possible exploit   Remote