[manjaro-security] [arch-security] [ASA-201606-25] phpmyadmin: multiple issues
Jelle van der Waa
jelle at archlinux.org
Sat Jun 25 21:50:44 CEST 2016
Arch Linux Security Advisory ASA-201606-25
Date : 2016-06-25
CVE-ID : CVE-2016-5701 CVE-2016-5702 CVE-2016-5703 CVE-2016-5704
CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731
CVE-2016-5732 CVE-2016-5732 CVE-2016-5733 CVE-2016-5739
Package : phpmyadmin
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package phpmyadmin before version 4.6.3-1 is vulnerable to multiple
Upgrade to 4.6.3-1.
# pacman -Syu "phpmyadmin>=4.6.3-1"
The problems have been fixed upstream in version 4.6.3.
- CVE-2016-5702 (cookie attribute injection)
A vulnerability was found where, under some circumstances, an attacker
can inject arbitrary values in the browser cookies.
Only affected when PHP_SELF is not set.
- CVE-2016-5703 (SQL injection)
A vulnerability was discovered that allows an SQL injection attack to
run arbitrary commands as the control user.
This attack requires a controluser to exist and be configured in
`config.inc.php`, therefore the attack can be mitigated by temporarily
disabling the controluser.
- CVE-2016-5704 (cross-side scripting)
An cross-side scripting vulnerability was discovered on the table
- CVE-2016-5705 (cross-side scripting)
* An cross-side scripting vulnerability was discovered on the user
* An cross-side scripting vulnerability was discovered in the error
* An cross-side scripting vulnerability was discovered in the central
* An cross-side scripting vulnerability was discovered in the
query bookmarks feature.
* An cross-side scripting vulnerability was discovered in the user
- CVE-2016-5706 (denial of service)
A Denial Of Service (DOS) attack was discovered in the way phpMyAdmin
- CVE-2016-5730 (information disclosure)
By specially crafting requests in the following areas, it is possible
to trigger phpMyAdmin to display a PHP error message which contains the
full path of the directory where phpMyAdmin is installed.
1. Setup script 2. Example OpenID authentication script
To mitigate these issues, it is possible to remove the setup script and
examples subdirectories: ./setup/ and ./examples/.
- CVE-2016-5731 (cross-side scripting)
With a specially crafted request, it is possible to trigger an
cross-side scripting attack through the example OpenID authentication
Only affected when the default php.ini is changed and set html_errors = Off.
- CVE-2016-5732 (cross-side scripting)
A vulnerability was reported allowing a specially crafted table
parameters to cause an cross-side scripting attack through the table
- CVE-2016-57033 (cross-side scripting)
* A vulnerability was reported allowing a specially crafted table name
to cause an cross-side scripting attack through the functionality to
check database privileges.
* This cross-side scripting doesn't exist in some translations due to
different quotes being used there (eg. Czech).
* A vulnerability was reported allowing a specifically-configured
MySQL server to execute an cross-side scripting attack. This
particular attack requires configuring the MySQL server log_bin
directive with the payload.
* Several cross-side scripting vulnerabilities were found with the
* Several cross-side scripting vulnerabilities were found in AJAX error
* Several cross-side scripting vulnerabilities were found in the
* An cross-side scripting vulnerability was found in the charts feature
* An cross-side scripting vulnerability was found in the zoom search
- CVE-2016-5739 (information disclosure)
A vulnerability was reported where a specially crafted Transformation
could be used to leak information including the authentication token.
This could be used to direct a CSRF attack against a user.
A remote attacker might be able to access sensitive information, cause
a denial of service, cause a cross-side scripting attack or cause an
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: not available
More information about the manjaro-security