Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian: DSA 1207-1 Critical: phpMyAdmin XSS and Remote Access Issues

debian
Calendar Grey November 9, 2006
Debian Logo
Debian addresses serious phpMyAdmin security issues, including vulnerabilities to XSS and unauthorized remote access. Update now to safeguard your infrastructure.
The following CVEIDs are addressed: CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116

Summary


CRLF injection vulnerability allows remote attackers to conduct
HTTP response splitting attacks.

CVE-2005-3665

Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST
variable and (2) various scripts in the libraries directory that
handle header generation.

CVE-2006-1678

Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via scripts in the
themes directory.

CVE-2006-2418

A cross-site scripting (XSS) vulnerability allows remote attackers
to inject arbitrary web script or HTML via the db parameter of
footer.inc.php.

CVE-2006-5116

A remote attacker could overwrite internal variables through the
_FILES global variable.

For the stable distribution (sarge) these problems have been fixed in
version 2.6.2-3sarge2.

For the upcoming stable release (etch) and unstable distribution (sid)
...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here