Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-776.NASL
HistoryDec 16, 2014 - 12:00 a.m.

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1636-1)

2014-12-1600:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.218

Percentile

96.5%

JSON

phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This update fixes one vulnerability.

phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03)

  • Security fixes :

  • PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] http://www.phpmyadmin.net/home_page/security/PMASA-2014- 18.php

  • sf#4612 [security] XSS vulnerability in redirection mechanism

  • PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014- 17.php

  • sf#4611 [security] DOS attack with long passwords

  • Bugfixes :

  • sf#4604 Query history not being deleted

  • sf#4057 db/table query string parameters no longer work

  • sf#4605 Unseen messages in tracking

  • sf#4606 Tracking report export as SQL dump does not work

  • sf#4607 Syntax error during db_copy operation

  • sf#4608 SELECT permission issues with relations and restricted access

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-776.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80049);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-9218", "CVE-2014-9219");

  script_name(english:"openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1636-1)");
  script_summary(english:"Check for the openSUSE-2014-776 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This
update fixes one vulnerability.

  - Security fixes :

  - PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400)
    [boo#908363]
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-
    17.php

  - sf#4611 [security] DOS attack with long passwords

phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03)

  - Security fixes :

  - PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79)
    [boo#908364]
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-
    18.php

  - sf#4612 [security] XSS vulnerability in redirection
    mechanism

  - PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400)
    [boo#908363]
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-
    17.php

  - sf#4611 [security] DOS attack with long passwords

  - Bugfixes :

  - sf#4604 Query history not being deleted

  - sf#4057 db/table query string parameters no longer work

  - sf#4605 Unseen messages in tracking

  - sf#4606 Tracking report export as SQL dump does not work

  - sf#4607 Syntax error during db_copy operation

  - sf#4608 SELECT permission issues with relations and
    restricted access"
  );
  # http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.phpmyadmin.net/security/PMASA-2014-17/"
  );
  # http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.phpmyadmin.net/security/PMASA-2014-18/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=908363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=908364"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00054.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected phpMyAdmin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:phpMyAdmin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);



flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"phpMyAdmin-4.1.14.8-1.38.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"phpMyAdmin-4.1.14.8-28.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"phpMyAdmin-4.2.13.1-8.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin");
}
VendorProductVersionCPE
novellopensusephpmyadminp-cpe:/a:novell:opensuse:phpmyadmin
novellopensuse12.3cpe:/o:novell:opensuse:12.3
novellopensuse13.1cpe:/o:novell:opensuse:13.1
novellopensuse13.2cpe:/o:novell:opensuse:13.2

Related

nessus 9
fedora 3
securityvulns 2
openvas 10
freebsd 1
cve 2
cvelist 2
prion 2
ubuntucve 2
nvd 2
phpmyadmin 2
debiancve 2
exploitpack 1
mageia 1
zdt 1
typo3 1
debian 2
osv 3
ubuntu 1
nessus
nessus
phpMyAdmin 4.0.x < 4.0.10.7 / 4.1.x < 4.1.14.8 / 4.2.x < 4.2.13.1 Multiple Vulnerabilities (PMASA-2014-17 - PMASA-2014-18)
2014-12-08 00:00:00
FreeBSD : phpMyAdmin -- XSS and DoS vulnerabilities (c9c46fbf-7b83-11e4-a96e-6805ca0b3d42)
2014-12-05 00:00:00
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:243)
2014-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.13.1-1.fc20
2014-12-12 04:20:42
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.13.1-1.fc19
2014-12-15 04:28:07
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.13.1-1.fc21
2014-12-12 04:10:10
securityvulns
securityvulns
[ MDVSA-2014:243 ] phpmyadmin
2014-12-22 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-12-22 00:00:00
openvas
openvas
Fedora Update for phpMyAdmin FEDORA-2014-16327
2015-01-05 00:00:00
Fedora Update for phpMyAdmin FEDORA-2014-16358
2014-12-12 00:00:00
Fedora Update for phpMyAdmin FEDORA-2014-16474
2014-12-15 00:00:00
freebsd
freebsd
phpMyAdmin -- XSS and DoS vulnerabilities
2014-12-03 00:00:00
cve
cve
CVE-2014-9219
2014-12-08 11:59:13
CVE-2014-9218
2014-12-08 11:59:11
cvelist
cvelist
CVE-2014-9218
2014-12-08 11:00:00
CVE-2014-9219
2014-12-08 11:00:00
prion
prion
Code injection
2014-12-08 11:59:00
Cross site scripting
2014-12-08 11:59:00
ubuntucve
ubuntucve
CVE-2014-9219
2014-12-08 00:00:00
CVE-2014-9218
2014-12-08 00:00:00
nvd
nvd
CVE-2014-9219
2014-12-08 11:59:13
CVE-2014-9218
2014-12-08 11:59:11
phpmyadmin
phpmyadmin
XSS vulnerability in redirection mechanism.
2014-12-03 00:00:00
DoS vulnerability with long passwords.
2014-12-03 00:00:00
debiancve
debiancve
CVE-2014-9219
2014-12-08 11:59:13
CVE-2014-9218
2014-12-08 11:59:11
exploitpack
exploitpack
phpMyAdmin 4.0.x4.1.x4.2.x - Denial of Service
2014-12-15 00:00:00
mageia
mageia
Updated phpmyadmin package fixes CVE-2014-9218
2014-12-05 18:54:13
zdt
zdt
phpMyAdmin 4.0.x, 4.1.x, 4.2.x - DoS
2014-12-16 00:00:00
typo3
typo3
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
2014-12-08 00:00:00
debian
debian
[SECURITY] [DLA 336-1] phpmyadmin security update
2015-10-28 19:55:06
[SECURITY] [DSA 3382-1] phpmyadmin security update
2015-10-28 19:52:25
osv
osv
phpmyadmin - security update
2015-10-28 00:00:00
phpmyadmin - security update
2015-10-28 00:00:00
phpmyadmin vulnerabilities
2021-03-16 14:27:57
ubuntu
ubuntu
phpMyAdmin vulnerabilities
2021-03-16 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.218

Percentile

96.5%

JSON
Related for OPENSUSE-2014-776.NASL
nessus9fedora3securityvulns2openvas10freebsd1cve2cvelist2prion2ubuntucve2nvd2phpmyadmin2debiancve2exploitpack1mageia1zdt1typo31debian2osv3ubuntu1