ID de Prueba:	1.3.6.1.4.1.25623.1.0.70681
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:198 (phpmyadmin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to phpmyadmin announced via advisory MDVSA-2011:198. Multiple vulnerabilities has been found and corrected in phpmyadmin: Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server) (CVE-2011-4107). Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs (CVE-2011-4634). Crafted values entered in the setup interface can produce XSS also, if the config directory exists and is writeable, the XSS payload can be saved to this directory (CVE-2011-4782). Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections (CVE-2011-4780). This upgrade provides the latest phpmyadmin version (3.4.9) to address these vulnerabilities. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:198 http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4107 BugTraq ID: 50497 http://www.securityfocus.com/bid/50497 Debian Security Information: DSA-2391 (Google Search) http://www.debian.org/security/2012/dsa-2391 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html http://seclists.org/fulldisclosure/2011/Nov/21 http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt http://www.wooyun.org/bugs/wooyun-2010-03185 https://bugzilla.redhat.com/show_bug.cgi?id=751112 http://www.openwall.com/lists/oss-security/2011/11/03/3 http://www.openwall.com/lists/oss-security/2011/11/03/5 http://osvdb.org/76798 http://secunia.com/advisories/46447 http://securityreason.com/securityalert/8533 XForce ISS Database: phpmyadmin-xml-info-disclosure(71108) https://exchange.xforce.ibmcloud.com/vulnerabilities/71108 Common Vulnerability Exposure (CVE) ID: CVE-2011-4634 http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html Common Vulnerability Exposure (CVE) ID: CVE-2011-4782 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html XForce ISS Database: phpmyadmin-configfileclass-xss(71938) https://exchange.xforce.ibmcloud.com/vulnerabilities/71938 Common Vulnerability Exposure (CVE) ID: CVE-2011-4780 BugTraq ID: 51226 http://www.securityfocus.com/bid/51226
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.