Arch Linux Security Advisory ASA-201606-25
==========================================
Severity: High
Date    : 2016-06-25
CVE-ID  : CVE-2016-5701 CVE-2016-5702 CVE-2016-5703 CVE-2016-5704
          CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731
          CVE-2016-5732 CVE-2016-5733 CVE-2016-5739
Package : phpmyadmin
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package phpmyadmin before version 4.6.3-1 is vulnerable to multiple 
issues.

Resolution
==========
Upgrade to 4.6.3-1.

# pacman -Syu "phpmyadmin>=4.6.3-1"

The problems have been fixed upstream in version 4.6.3.

Workaround
==========
None.

Description
===========
- CVE-2016-5702 (cookie attribute injection)

A vulnerability was found where, under some circumstances, an attacker 
can inject arbitrary values in the browser cookies.
This issue only affects installations where PHP_SELF is not set.

- CVE-2016-5703 (SQL injection)

A vulnerability was discovered that allows an SQL injection attack to 
run arbitrary commands as the control user.

This attack requires a controluser to exist and be configured in
`config.inc.php`, therefore the attack can be mitigated by temporarily 
disabling the controluser.

- CVE-2016-5704 (cross-site scripting)

A cross-site scripting vulnerability was discovered on the table
structure page.

- CVE-2016-5705 (cross-site scripting)

 * A cross-site scripting vulnerability was discovered on the user
   privileges page.
 * A cross-site scripting vulnerability was discovered in the error
   console.
 * A cross-site scripting vulnerability was discovered in the central
   columns feature.
 * A cross-site scripting vulnerability was discovered in the
   query bookmarks feature.
 * A cross-site scripting vulnerability was discovered in the user
   groups feature.

- CVE-2016-5706 (denial of service)

A denial of service (DoS) attack was discovered in the way phpMyAdmin
loads some JavaScript files.

- CVE-2016-5730 (information disclosure)

By specially crafting requests in the following areas, it is possible 
to trigger phpMyAdmin to display a PHP error message which contains the 
full path of the directory where phpMyAdmin is installed.

1. Setup script
2. Example OpenID authentication script

To mitigate these issues, it is possible to remove the setup script and 
examples subdirectories: ./setup/ and ./examples/.

- CVE-2016-5731 (cross-site scripting)

With a specially crafted request, it is possible to trigger a
cross-site scripting attack through the example OpenID authentication
script.
This issue only affects installations where the default php.ini has
been changed to set html_errors = Off.

- CVE-2016-5732 (cross-site scripting)

A vulnerability was reported allowing specially crafted table
parameters to cause a cross-site scripting attack through the table
structure page.

- CVE-2016-5733 (cross-site scripting)

* A vulnerability was reported allowing a specially crafted table name
  to cause a cross-site scripting attack through the functionality to
  check database privileges.
* This cross-site scripting doesn't exist in some translations due to
  different quotes being used there (e.g. Czech).
* A vulnerability was reported allowing a specifically-configured
  MySQL server to execute a cross-site scripting attack. This
  particular attack requires configuring the MySQL server log_bin
  directive with the payload.
* Several cross-site scripting vulnerabilities were found with the
  Transformation feature.
* Several cross-site scripting vulnerabilities were found in AJAX error
  handling.
* Several cross-site scripting vulnerabilities were found in the
  Designer feature.
* A cross-site scripting vulnerability was found in the charts feature.
* A cross-site scripting vulnerability was found in the zoom search
  feature.

- CVE-2016-5739 (information disclosure)

A vulnerability was reported where a specially crafted Transformation 
could be used to leak information including the authentication token.
This could be used to direct a CSRF attack against a user.
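
Added example (not part of the advisory or of phpMyAdmin): a shell audit
for the fixed version and for the two interim mitigations named above,
disabling the controluser (CVE-2016-5703) and removing ./setup/ and
./examples/ (CVE-2016-5730). The function names, the `sort -V` version
comparison and the Arch paths in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: audit one phpMyAdmin install against ASA-201606-25.
# Versions are compared with GNU `sort -V`, an approximation of pacman's
# own vercmp that is adequate for x.y.z-r package versions.
FIXED="4.6.3-1"   # fixed package version, per the advisory
PMA_Q="[\"']"     # either PHP quote character, as a regex bracket class

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# controluser_set FILE: succeeds when FILE assigns a non-empty controluser
# on an uncommented line. Lines starting with // or # never match; /* */
# block comments are not parsed (limitation of this example).
controluser_set() {
    [ -f "$1" ] && grep -Eq \
        "^[[:space:]]*\\\$cfg\[${PMA_Q}Servers${PMA_Q}\].*\[${PMA_Q}controluser${PMA_Q}\][[:space:]]*=[[:space:]]*${PMA_Q}[^\"']+${PMA_Q}" "$1"
}

# audit_pma VERSION WEBROOT CONFIG: prints one finding per line; returns 0
# when the fixed version is installed and 1 when it is not.
audit_pma() {
    pma_ver=$1; pma_root=$2; pma_conf=$3
    if ! ver_lt "$pma_ver" "$FIXED"; then
        echo "OK: $pma_ver includes the fixes from $FIXED"
        return 0
    fi
    echo "OUTDATED: $pma_ver is older than $FIXED, upgrade required"
    # Interim mitigations from the advisory, relevant only while unpatched.
    for pma_dir in setup examples; do
        if [ -d "$pma_root/$pma_dir" ]; then
            echo "UNMITIGATED CVE-2016-5730: $pma_root/$pma_dir/ is present"
        fi
    done
    if controluser_set "$pma_conf"; then
        echo "UNMITIGATED CVE-2016-5703: controluser set in $pma_conf"
    fi
    return 1
}

# Usage on Arch (both paths are assumptions about the package layout):
#   audit_pma "$(pacman -Q phpmyadmin | awk '{print $2}')" \
#       /usr/share/webapps/phpMyAdmin /etc/webapps/phpmyadmin/config.inc.php
if [ "$#" -eq 3 ]; then audit_pma "$@"; fi
```
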

Impact
======
A remote attacker might be able to access sensitive information, cause
a denial of service, cause a cross-site scripting attack or cause an
SQL injection.

References
==========
https://access.redhat.com/security/cve/CVE-2016-5701
https://access.redhat.com/security/cve/CVE-2016-5702
https://access.redhat.com/security/cve/CVE-2016-5703
https://access.redhat.com/security/cve/CVE-2016-5704
https://access.redhat.com/security/cve/CVE-2016-5705
https://access.redhat.com/security/cve/CVE-2016-5706
https://access.redhat.com/security/cve/CVE-2016-5730
https://access.redhat.com/security/cve/CVE-2016-5731
https://access.redhat.com/security/cve/CVE-2016-5732
https://access.redhat.com/security/cve/CVE-2016-5733
https://access.redhat.com/security/cve/CVE-2016-5739
https://www.phpmyadmin.net/security/PMASA-2016-17/
https://www.phpmyadmin.net/security/PMASA-2016-18/
https://www.phpmyadmin.net/security/PMASA-2016-19/
https://www.phpmyadmin.net/security/PMASA-2016-20/
https://www.phpmyadmin.net/security/PMASA-2016-21/
https://www.phpmyadmin.net/security/PMASA-2016-22/
https://www.phpmyadmin.net/security/PMASA-2016-23/
https://www.phpmyadmin.net/security/PMASA-2016-24/
https://www.phpmyadmin.net/security/PMASA-2016-25/
https://www.phpmyadmin.net/security/PMASA-2016-26/
https://www.phpmyadmin.net/security/PMASA-2016-27/
https://www.phpmyadmin.net/security/PMASA-2016-28/
