Date:      Fri, 25 Nov 2016 08:16:36 +0000 (UTC)
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r427083 - head/security/vuxml
Message-ID:  <201611250816.uAP8GaT8007712@repo.freebsd.org>

Author: matthew
Date: Fri Nov 25 08:16:36 2016
New Revision: 427083
URL: https://svnweb.freebsd.org/changeset/ports/427083

Log:
  Document the latest batch of phpMyAdmin security advisories.  All 14
  of them.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Nov 25 07:47:11 2016	(r427082)
+++ head/security/vuxml/vuln.xml	Fri Nov 25 08:16:36 2016	(r427083)
@@ -58,6 +58,238 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="6fe72178-b2e3-11e6-8b2a-6805ca0b3d42">
+    <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>phpMyAdmin</name>
+	<range><ge>4.6.0</ge><lt>4.6.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The phpMYAdmin development team reports:</p>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-57/">;
+	  <h3>Summary</h3>
+	  <p>Open redirection</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where a user can be
+	    tricked in to following a link leading to phpMyAdmin,
+	    which after authentication redirects to another
+	    malicious site.</p>
+	  <p>The attacker must sniff the user's valid phpMyAdmin
+	    token.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-58/">;
+	  <h3>Summary</h3>
+	  <p>Unsafe generation of blowfish secret</p>
+	  <h3>Description</h3>
+	  <p>When the user does not specify a blowfish_secret key
+	    for encrypting cookies, phpMyAdmin generates one at
+	    runtime. A vulnerability was reported where the way this
+	    value is created using a weak algorithm.</p>
+	  <p>This could allow an attacker to determine the user's
+	    blowfish_secret and potentially decrypt their
+	    cookies.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be of moderate
+	    severity.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>This vulnerability only affects cookie
+	    authentication and only when a user has not
+	    defined a $cfg['blowfish_secret'] in
+	    their config.inc.php</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-59/">;
+	  <h3>Summary</h3>
+	  <p>phpinfo information leak value of sensitive
+	    (HttpOnly) cookies</p>
+	  <h3>Description</h3>
+	  <p>phpinfo (phpinfo.php) shows PHP information
+	    including values of HttpOnly cookies.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be
+	    non-critical.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>phpinfo in disabled by default and needs
+	    to be enabled explicitly.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-60/">;
+	  <h3>Summary</h3>
+	  <p>Username deny rules bypass (AllowRoot &amp; Others)
+	    by using Null Byte</p>
+	  <h3>Description</h3>
+	  <p>It is possible to bypass AllowRoot restriction
+	    ($cfg['Servers'][$i]['AllowRoot']) and deny rules
+	    for username by using Null Byte in the username.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be
+	    severe.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-61/">;
+	  <h3>Summary</h3>
+	  <p>Username rule matching issues</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability in username matching for the
+	    allow/deny rules may result in wrong matches and
+	    detection of the username in the rule due to
+	    non-constant execution time.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be severe.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-62/">;
+	  <h3>Summary</h3>
+	  <p>Bypass logout timeout</p>
+	  <h3>Description</h3>
+	  <p>With a crafted request parameter value it is possible
+	    to bypass the logout timeout.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-63/">;
+	  <h3>Summary</h3>
+	  <p>Multiple full path disclosure vulnerabilities</p>
+	  <h3>Description</h3>
+	  <p>By calling some scripts that are part of phpMyAdmin in an
+	    unexpected way, it is possible to trigger phpMyAdmin to
+	    display a PHP error message which contains the full path of
+	    the directory where phpMyAdmin is installed.  During an
+	    execution timeout in the export functionality, the errors
+	    containing the full path of the directory of phpMyAdmin is
+	    written to the export file.</p>
+	  <h3>Severity</h3>
+	  <p>We consider these vulnerability to be
+	    non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-64/">;
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+	  <h3>Description</h3>
+	  <p>Several XSS vulnerabilities have been reported, including
+	    an improper fix for <a href="https://www.phpmyadmin.net/security/PMASA-2016-10/">PMASA-2016-10</a>; and a weakness in a regular expression
+	    using in some JavaScript processing.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be
+	    non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-65/">;
+	  <h3>Summary</h3>
+	  <p>Multiple DOS vulnerabilities</p>
+	  <h3>Description</h3>
+	  <p>With a crafted request parameter value it is possible
+	    to initiate a denial of service attack in saved searches
+	    feature.</p>
+	  <p>With a crafted request parameter value it is possible
+	    to initiate a denial of service attack in import
+	    feature.</p>
+	  <p>An unauthenticated user can execute a denial of
+	    service attack when phpMyAdmin is running with
+	  <code>$cfg['AllowArbitraryServer']=true;</code>.</p>
+	  <h3>Severity</h3>
+	  <p>We consider these vulnerabilities to be of
+	    moderate severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-66/">;
+	  <h3>Summary</h3>
+	  <p>Bypass white-list protection for URL redirection</p>
+	  <h3>Description</h3>
+	  <p>Due to the limitation in URL matching, it was
+	    possible to bypass the URL white-list protection.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-67/">;
+	  <h3>Summary</h3>
+	  <p>BBCode injection vulnerability</p>
+	  <h3>Description</h3>
+	  <p>With a crafted login request it is possible to inject
+	    BBCode in the login page.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be severe.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>This exploit requires phpMyAdmin to be configured
+	    with the "cookie" auth_type; other
+	    authentication methods are not affected.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-68/">;
+	  <h3>Summary</h3>
+	  <p>DOS vulnerability in table partitioning</p>
+	  <h3>Description</h3>
+	  <p>With a very large request to table partitioning
+	    function, it is possible to invoke a Denial of Service
+	    (DOS) attack.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-69/">;
+	  <h3>Summary</h3>
+	  <p>Multiple SQL injection vulnerabilities</p>
+	  <h3>Description</h3>
+	  <p>With a crafted username or a table name, it was possible
+	    to inject SQL statements in the tracking functionality that
+	    would run with the privileges of the control user. This
+	    gives read and write access to the tables of the
+	    configuration storage database, and if the control user has
+	    the necessary privileges, read access to some tables of the
+	    mysql database.</p>
+	  <h3>Severity</h3>
+	  <p>We consider these vulnerabilities to be serious.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-70/">;
+	  <h3>Summary</h3>
+	  <p>Incorrect serialized string parsing</p>
+	  <h3>Description</h3>
+	  <p>Due to a bug in serialized string parsing, it was
+	    possible to bypass the protection offered by
+	    PMA_safeUnserialize() function.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be severe.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-71/">;
+	  <h3>Summary</h3>
+	  <p>CSRF token not stripped from the URL</p>
+	  <h3>Description</h3>
+	  <p>When the <code>arg_separator</code> is different from its
+	    default value of <code>&amp;</code>, the token was not
+	    properly stripped from the return URL of the preference
+	    import action.</p>
+	  <h3>Severity</h3>
+	  <p>We have not yet determined a severity for this issue.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-57/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-58/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-59/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-60/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-61/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-62/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-63/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-64/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-65/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-66/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-67/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-68/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-69/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-70/</url>;
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-71/</url>;
+      <cvename>CVE-2016-6632</cvename>
+      <cvename>CVE-2016-6633</cvename>
+      <cvename>CVE-2016-4412</cvename>
+    </references>
+    <dates>
+      <discovery>2016-11-25</discovery>
+      <entry>2016-11-25</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="dc596a17-7a9e-11e6-b034-f0def167eeea">
     <topic>Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662</topic>
     <affects>
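
Review bot: the <references> block of the new entry lists only three <cvename> elements (CVE-2016-6632, CVE-2016-6633, CVE-2016-4412) against fifteen advisory URLs, and nothing in the entry ties them to specific PMASA numbers; please confirm each identifier really belongs to PMASA-2016-57 through PMASA-2016-71 and drop any carried over from an earlier entry, since consumers match on these. The <affects> range (<ge>4.6.0</ge><lt>4.6.5</lt>) covers the 4.6 branch only, so if the advisories also name fixed releases on older branches, those need their own <range> elements or installations on them will not be flagged. <discovery> is set to the same day as <entry>; use the advisories' publication date if it differs. The log message says 14 advisories but the body carries fifteen <blockquote> sections and fifteen <url> elements. Minor: "phpMYAdmin" in the introductory <p> should read "phpMyAdmin", and in the PMASA-2016-63 text "these vulnerability" is presumably a transcription slip worth checking against the upstream wording.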


