Date: Fri, 1 Jul 2016 15:22:47 +0000 (UTC) From: Matthew Seaman <matthew@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r417890 - head/security/vuxml Message-ID: <201607011522.u61FMlvs038151@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: matthew Date: Fri Jul 1 15:22:47 2016 New Revision: 417890 URL: https://svnweb.freebsd.org/changeset/ports/417890 Log: Belatedly document 12 security advisories about phpMyAdmin. Severities range from 'non-critical' to 'severe' Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jul 1 14:27:31 2016 (r417889) +++ head/security/vuxml/vuln.xml Fri Jul 1 15:22:47 2016 (r417890) @@ -58,6 +58,243 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="e7028e1d-3f9b-11e6-81f9-6805ca0b3d42"> + <topic>phpMyAdmin -- multiple vulnerabilities</topic> + <affects> + <package> + <name>phpmyadmin</name> + <range><ge>4.6.0</ge><lt>4.6.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The phpMYAdmin development team reports:</p> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-17/">; + <h3>Summary</h3> + <p>BBCode injection vulnerability</p> + + <h3>Description</h3> + <p>A vulnerability was discovered that allows an BBCode + injection to setup script in case it's not accessed on + https.</p> + + <h3>Severity</h3> + <p>We consider this to be non-critical.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-18/">; + <h3>Summary</h3> + <p>Cookie attribute injection attack</p> + + <h3>Description</h3> + <p>A vulnerability was found where, under some + circumstances, an attacker can inject arbitrary values + in the browser cookies.</p> + + <h3>Severity</h3> + <p>We consider this to be non-critical.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-19/">; + <h3>Summary</h3> + <p>SQL injection attack</p> + + <h3>Description</h3> + <p>A vulnerability was discovered that allows an SQL + injection attack to run arbitrary commands as the + control user.</p> + + <h3>Severity</h3> + <p>We consider this vulnerability to be serious</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-20/">; + <h3>Summary</h3> + <p>XSS on table structure page</p> + + <h3>Description</h3> + <p>An XSS vulnerability was discovered on the table + structure page</p> + + <h3>Severity</h3> + <p>We consider this to be a serious + vulnerability</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-21/">; + <h3>Summary</h3> + <p>Multiple XSS vulnerabilities</p> + + <h3>Description</h3> + <ul> + <li>An XSS vulnerability was discovered on the user + privileges page.</li> + <li>An XSS vulnerability was discovered in the error + console.</li> + <li>An XSS vulnerability was discovered in the central + columns feature.</li> + <li>An XSS vulnerability was discovered in the query + bookmarks feature.</li> + <li>An XSS vulnerability was discovered in the user groups + feature.</li> + </ul> + + <h3>Severity</h3> + <p>We consider this to be a serious vulnerability</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-22/">; + <h3>Summary</h3> + <p>DOS attack</p> + + <h3>Description</h3> + <p>A Denial Of Service (DOS) attack was discovered in + the way phpMyAdmin loads some JavaScript files.</p> + + <h3>Severity</h3> + <p>We consider this to be of moderate severity</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-23/">; + <h3>Summary</h3> + <p>Multiple full path disclosure vulnerabilities</p> + + <h3>Description</h3> + <p>This PMASA contains information on multiple full-path + disclosure vulnerabilities reported in phpMyAdmin.</p> + <p>By specially crafting requests in the following + areas, it is possible to trigger phpMyAdmin to display a + PHP error message which contains the full path of the + directory where phpMyAdmin is installed.</p> + <ol> + <li>Setup script</li> + <li>Example OpenID authentication script</li> + </ol> + + <h3>Severity</h3> + <p>We consider these vulnerabilities to be + non-critical.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-24/">; + <h3>Summary</h3> + <p>XSS through FPD</p> + + <h3>Description</h3> + <p>With a specially crafted request, it is possible to + trigger an XSS attack through the example OpenID + authentication script.</p> + + <h3>Severity</h3> + <p>We do not consider this vulnerability to be + secure due to the non-standard required PHP setting + for html_errors.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-25/">; + <h3>Summary</h3> + <p>XSS in partition range functionality</p> + + <h3>Description</h3> + <p>A vulnerability was reported allowing a specially + crafted table parameters to cause an XSS attack through + the table structure page.</p> + + <h3>Severity</h3> + <p>We consider this vulnerability to be severe.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-26/">; + <h3>Summary</h3> + <p>Multiple XSS vulnerabilities</p> + + <h3>Description</h3> + <ul> + <li>A vulnerability was reported allowing a specially + crafted table name to cause an XSS attack through the + functionality to check database privileges. + <ul> + <li>This XSS doesn't exist in some translations due to + different quotes being used there (eg. Czech).</li> + </ul> + </li> + <li>A vulnerability was reported allowing a + specifically-configured MySQL server to execute an XSS + attack. This particular attack requires configuring the + MySQL server log_bin directive with the payload.</li> + <li>Several XSS vulnerabilities were found with the + Transformation feature</li> + <li>Several XSS vulnerabilities were found in AJAX error + handling</li> + <li>Several XSS vulnerabilities were found in the Designer + feature</li> + <li>An XSS vulnerability was found in the charts + feature</li> + <li>An XSS vulnerability was found in the zoom search + feature</li> + </ul> + + <h3>Severity</h3> + <p>We consider these attacks to be of moderate + severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-27/">; + <h3>Summary</h3> + <p>Unsafe handling of preg_replace parameters</p> + + <h3>Description</h3> + <p>In some versions of PHP, it's possible for an + attacker to pass parameters to the + <code>preg_replace()</code> function which can allow the + execution of arbitrary PHP code. This code is not + properly sanitized in phpMyAdmin as part of the table + search and replace feature.</p> + + <h3>Severity</h3> + <p>We consider this vulnerability to be of moderate + severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-28/">; + <h3>Summary</h3> + <p>Referrer leak in transformations</p> + + <h3>Description</h3> + <p>A vulnerability was reported where a specially + crafted Transformation could be used to leak information + including the authentication token. This could be used + to direct a CSRF attack against a user.</p> + <p>Furthermore, the CSP code used in version 4.0.x is + outdated and has been updated to more modern + standards.</p> + + <h3>Severity</h3> + <p>We consider this to be of moderate severity</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.phpmyadmin.net/security/PMASA-2016-17/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-18/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-19/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-20/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-21/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-22/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-23/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-24/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-25/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-26/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-27/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2016-28/</url>; + <cvename>CVE-2016-5701</cvename> + <cvename>CVE-2016-5702</cvename> + <cvename>CVE-2016-5703</cvename> + <cvename>CVE-2016-5704</cvename> + <cvename>CVE-2016-5705</cvename> + <cvename>CVE-2016-5706</cvename> + <cvename>CVE-2016-5730</cvename> + <cvename>CVE-2016-5731</cvename> + <cvename>CVE-2016-5732</cvename> + <cvename>CVE-2016-5733</cvename> + <cvename>CVE-2016-5734</cvename> + <cvename>CVE-2016-5739</cvename> + </references> + <dates> + <discovery>2016-06-23</discovery> + <entry>2016-07-01</entry> + </dates> + </vuln> + <vuln vid="f1c219ba-3f14-11e6-b3c8-14dae9d210b8"> <topic>haproxy -- denial of service</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607011522.u61FMlvs038151>