CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS
Percentile
79.6%
This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmd_pdf.php via db parameter when register_globals is enabled. - [GUI] SQL error after sorting a subset - [lang] Catalan update - [lang] Russian update
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-9316.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(34682);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2008-4775");
script_xref(name:"FEDORA", value:"2008-9316");
script_name(english:"Fedora 9 : phpMyAdmin-3.0.1.1-1.fc9 (2008-9316)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a
XSS issue in pmd_pdf.php via db parameter when register_globals is
enabled. - [GUI] SQL error after sorting a subset - [lang] Catalan
update - [lang] Russian update
- [import] Temporary uploaded file not deleted - [auth]
Cannot create database after session timeout - [core]
ForceSSL generates incorrectly escaped redirections
(this time with the correct fix) - [lang] Hungarian
update - [core] Properly truncate SQL to avoid half of
html tags - [lang] Romanian update - [structure]
Incorrect index choice shown when modifying an index -
[interface] Misleading message after cancelling an
action - [lang] Croatian update - [lang] Finnish update
- [lang] Polish update - [lang] Japanese update -
[privileges] Wrong message when changing password -
[core] Cannot disable PMA tables - [lang] Problems with
Italian language file - [interface] ShowChgPassword
setting not respected - [security] XSS in a Designer
component
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=468974"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015848.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?3ae0f8b7"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected phpMyAdmin package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
script_cwe_id(79);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:phpMyAdmin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
script_set_attribute(attribute:"patch_publication_date", value:"2008/10/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/03");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC9", reference:"phpMyAdmin-3.0.1.1-1.fc9")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin");
}