Date: Fri, 22 Jun 2018 23:16:01 +0000 (UTC) From: Matthew Seaman <matthew@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r473094 - head/security/vuxml Message-ID: <201806222316.w5MNG1FX064609@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: matthew Date: Fri Jun 22 23:16:01 2018 New Revision: 473094 URL: https://svnweb.freebsd.org/changeset/ports/473094 Log: Docuement the latest phpMyAdmin vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jun 22 22:54:00 2018 (r473093) +++ head/security/vuxml/vuln.xml Fri Jun 22 23:16:01 2018 (r473094) @@ -58,6 +58,69 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="17cb6ff3-7670-11e8-8854-6805ca0b3d42"> + <topic>phpmyadmin -- remote code inclusion and XSS scripting</topic> + <affects> + <package> + <name>phpmyadmin</name> + <range><lt>4.8.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2018-3/">; + <h3>Summary</h3> + <p>XSS in Designer feature</p> + <h3>Description</h3> + <p>A Cross-Site Scripting vulnerability was found in the + Designer feature, where an attacker can deliver a + payload to a user through a specially-crafted database + name.</p> + <h3>Severity</h3> + <p>We consider this attack to be of moderate severity.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2018-4/">; + <h3>Summary</h3> + <p>File inclusion and remote code execution attack</p> + <h3>Description</h3> + <p>A flaw has been discovered where an attacker can include + (view and potentially execute) files on the server.</p> + <p>The vulnerability comes from a portion of code where + pages are redirected and loaded within phpMyAdmin, and an + improper test for whitelisted pages.</p> + <p>An attacker must be authenticated, except in these + situations:</p> + <ul> + <li>$cfg['AllowArbitraryServer'] = true: attacker can + specify any host he/she is already in control of, and + execute arbitrary code on phpMyAdmin</li> + <li>$cfg['ServerDefault'] = 0: this bypasses the login and + runs the vulnerable code without any authentication</li> + </ul> + <h3>Severity</h3> + <p>We consider this to be severe.</p> <h3>Mitigation + factor</h3> <p>Configuring PHP with a restrictive + `open_basedir` can greatly restrict an attacker's ability to + view files on the server. Vulnerable systems should not be + run with the phpMyAdmin directives + $cfg['AllowArbitraryServer'] = true or $cfg['ServerDefault'] + = 0</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.phpmyadmin.net/security/PMASA-2018-3/</url>; + <url>https://www.phpmyadmin.net/security/PMASA-2018-4/</url>; + <cvename>CVE-2018-12581</cvename> + <cvename>CVE-2018-12613</cvename> + </references> + <dates> + <discovery>2018-06-21</discovery> + <entry>2018-06-22</entry> + </dates> + </vuln> + <vuln vid="4e07d94f-75a5-11e8-85d1-a4badb2f4699"> <topic>FreeBSD -- Lazy FPU State Restore Information Disclosure</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806222316.w5MNG1FX064609>