From: Matthew Seaman
Date: Fri, 1 Jul 2016 15:22:47 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r417890 - head/security/vuxml

Author: matthew
Date: Fri Jul 1 15:22:47 2016
New Revision: 417890
URL: https://svnweb.freebsd.org/changeset/ports/417890

Log:
  Belatedly document 12 security advisories about phpMyAdmin.
  Severities range from 'non-critical' to 'severe'

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Jul 1 14:27:31 2016 (r417889) +++ head/security/vuxml/vuln.xml Fri Jul 1 15:22:47 2016 (r417890) @@ -58,6 +58,243 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + phpMyAdmin -- multiple vulnerabilities + + + phpmyadmin + 4.6.04.6.3 + + + + +

The phpMYAdmin development team reports:

+
+

Summary

+

BBCode injection vulnerability

+ +

Description

+

A vulnerability was discovered that allows an BBCode + injection to setup script in case it's not accessed on + https.

+ +

Severity

+

We consider this to be non-critical.

+
+
+

Summary

+

Cookie attribute injection attack

+ +

Description

+

A vulnerability was found where, under some + circumstances, an attacker can inject arbitrary values + in the browser cookies.

+ +

Severity

+

We consider this to be non-critical.

+
+
+

Summary

+

SQL injection attack

+ +

Description

+

A vulnerability was discovered that allows an SQL + injection attack to run arbitrary commands as the + control user.

+ +

Severity

+

We consider this vulnerability to be serious

+
+
+

Summary

+

XSS on table structure page

+ +

Description

+

An XSS vulnerability was discovered on the table + structure page

+ +

Severity

+

We consider this to be a serious + vulnerability

+
+
+

Summary

+

Multiple XSS vulnerabilities

+ +

Description

+
    +
  • An XSS vulnerability was discovered on the user + privileges page.
  • +
  • An XSS vulnerability was discovered in the error + console.
  • +
  • An XSS vulnerability was discovered in the central + columns feature.
  • +
  • An XSS vulnerability was discovered in the query + bookmarks feature.
  • +
  • An XSS vulnerability was discovered in the user groups + feature.
  • +
+ +

Severity

+

We consider this to be a serious vulnerability

+
+
+

Summary

+

DOS attack

+ +

Description

+

A Denial Of Service (DOS) attack was discovered in + the way phpMyAdmin loads some JavaScript files.

+ +

Severity

+

We consider this to be of moderate severity

+
+
+

Summary

+

Multiple full path disclosure vulnerabilities

+ +

Description

+

This PMASA contains information on multiple full-path + disclosure vulnerabilities reported in phpMyAdmin.

+

By specially crafting requests in the following + areas, it is possible to trigger phpMyAdmin to display a + PHP error message which contains the full path of the + directory where phpMyAdmin is installed.

+
    +
  1. Setup script
  2. +
  3. Example OpenID authentication script
  4. +
+ +

Severity

+

We consider these vulnerabilities to be + non-critical.

+
+
+

Summary

+

XSS through FPD

+ +

Description

+

With a specially crafted request, it is possible to + trigger an XSS attack through the example OpenID + authentication script.

+ +

Severity

+

We do not consider this vulnerability to be + secure due to the non-standard required PHP setting + for html_errors.

+
+
+

Summary

+

XSS in partition range functionality

+ +

Description

+

A vulnerability was reported allowing a specially + crafted table parameters to cause an XSS attack through + the table structure page.

+ +

Severity

+

We consider this vulnerability to be severe.

+
+
+

Summary

+

Multiple XSS vulnerabilities

+ +

Description

+
    +
  • A vulnerability was reported allowing a specially + crafted table name to cause an XSS attack through the + functionality to check database privileges. +
      +
    • This XSS doesn't exist in some translations due to + different quotes being used there (eg. Czech).
    • +
    +
  • +
  • A vulnerability was reported allowing a + specifically-configured MySQL server to execute an XSS + attack. This particular attack requires configuring the + MySQL server log_bin directive with the payload.
  • +
  • Several XSS vulnerabilities were found with the + Transformation feature
  • +
  • Several XSS vulnerabilities were found in AJAX error + handling
  • +
  • Several XSS vulnerabilities were found in the Designer + feature
  • +
  • An XSS vulnerability was found in the charts + feature
  • +
  • An XSS vulnerability was found in the zoom search + feature
  • +
+ +

Severity

+

We consider these attacks to be of moderate + severity.

+
+
+

Summary

+

Unsafe handling of preg_replace parameters

+ +

Description

+

In some versions of PHP, it's possible for an + attacker to pass parameters to the + preg_replace() function which can allow the + execution of arbitrary PHP code. This code is not + properly sanitized in phpMyAdmin as part of the table + search and replace feature.

+ +

Severity

+

We consider this vulnerability to be of moderate + severity.

+
+
+

Summary

+

Referrer leak in transformations

+ +

Description

+

A vulnerability was reported where a specially + crafted Transformation could be used to leak information + including the authentication token. This could be used + to direct a CSRF attack against a user.

+

Furthermore, the CSP code used in version 4.0.x is + outdated and has been updated to more modern + standards.

+ +

Severity

+

We consider this to be of moderate severity

+
+ +
+ + https://www.phpmyadmin.net/security/PMASA-2016-17/ + https://www.phpmyadmin.net/security/PMASA-2016-18/ + https://www.phpmyadmin.net/security/PMASA-2016-19/ + https://www.phpmyadmin.net/security/PMASA-2016-20/ + https://www.phpmyadmin.net/security/PMASA-2016-21/ + https://www.phpmyadmin.net/security/PMASA-2016-22/ + https://www.phpmyadmin.net/security/PMASA-2016-23/ + https://www.phpmyadmin.net/security/PMASA-2016-24/ + https://www.phpmyadmin.net/security/PMASA-2016-25/ + https://www.phpmyadmin.net/security/PMASA-2016-26/ + https://www.phpmyadmin.net/security/PMASA-2016-27/ + https://www.phpmyadmin.net/security/PMASA-2016-28/ + CVE-2016-5701 + CVE-2016-5702 + CVE-2016-5703 + CVE-2016-5704 + CVE-2016-5705 + CVE-2016-5706 + CVE-2016-5730 + CVE-2016-5731 + CVE-2016-5732 + CVE-2016-5733 + CVE-2016-5734 + CVE-2016-5739 + + + 2016-06-23 + 2016-07-01 + +
+ haproxy -- denial of service
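
Review bot: the affected-package range at the top of the new entry appears to cover phpmyadmin from 4.6.0 up to 4.6.3 only, while the quoted description for the referrer leak refers to the CSP code in version 4.0.x, so please confirm whether any older branch that users may still have installed needs its own range in this entry. Two wording points in the quoted body: "phpMYAdmin" in the attribution line should read "phpMyAdmin", and the severity sentence for "XSS through FPD" ("We do not consider this vulnerability to be secure due to the non-standard required PHP setting for html_errors") should be checked against the upstream advisory text, since as written it does not state a severity. The 12 PMASA URLs and 12 CVE names in the references line up with the 12 advisories named in the log message.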