Arch Linux Security Advisory ASA-201606-25 ========================================== Severity: High Date : 2016-06-25 CVE-ID : CVE-2016-5701 CVE-2016-5702 CVE-2016-5703 CVE-2016-5704 CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731 CVE-2016-5732 CVE-2016-5732 CVE-2016-5733 CVE-2016-5739 Package : phpmyadmin Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package phpmyadmin before version 4.6.3-1 is vulnerable to multiple issues. Resolution ========== Upgrade to 4.6.3-1. # pacman -Syu "phpmyadmin>=4.6.3-1" The problems have been fixed upstream in version 4.6.3. Workaround ========== None. Description =========== - CVE-2016-5702 (cookie attribute injection) A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Only affected when PHP_SELF is not set. - CVE-2016-5703 (SQL injection) A vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control user. This attack requires a controluser to exist and be configured in `config.inc.php`, therefore the attack can be mitigated by temporarily disabling the controluser. - CVE-2016-5704 (cross-side scripting) An cross-side scripting vulnerability was discovered on the table structure page - CVE-2016-5705 (cross-side scripting) * An cross-side scripting vulnerability was discovered on the user privileges page. * An cross-side scripting vulnerability was discovered in the error console. * An cross-side scripting vulnerability was discovered in the central columns feature. * An cross-side scripting vulnerability was discovered in the query bookmarks feature. * An cross-side scripting vulnerability was discovered in the user groups feature. - CVE-2016-5706 (denial of service) A Denial Of Service (DOS) attack was discovered in the way phpMyAdmin loads some JavaScript files. - CVE-2016-5730 (information disclosure) By specially crafting requests in the following areas, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. 1. Setup script 2. Example OpenID authentication script To mitigate these issues, it is possible to remove the setup script and examples subdirectories: ./setup/ and ./examples/. - CVE-2016-5731 (cross-side scripting) With a specially crafted request, it is possible to trigger an cross-side scripting attack through the example OpenID authentication script. Only affected when the default php.ini is changed and set html_errors = Off. - CVE-2016-5732 (cross-side scripting) A vulnerability was reported allowing a specially crafted table parameters to cause an cross-side scripting attack through the table structure page. - CVE-2016-57033 (cross-side scripting) * A vulnerability was reported allowing a specially crafted table name to cause an cross-side scripting attack through the functionality to check database privileges. * This cross-side scripting doesn't exist in some translations due to different quotes being used there (eg. Czech). * A vulnerability was reported allowing a specifically-configured MySQL server to execute an cross-side scripting attack. This particular attack requires configuring the MySQL server log_bin directive with the payload. * Several cross-side scripting vulnerabilities were found with the Transformation feature * Several cross-side scripting vulnerabilities were found in AJAX error handling * Several cross-side scripting vulnerabilities were found in the Designer feature * An cross-side scripting vulnerability was found in the charts feature * An cross-side scripting vulnerability was found in the zoom search feature - CVE-2016-5739 (information disclosure) A vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack against a user. Impact ====== A remote attacker might be able to access sensitive information, cause a denial of service, cause a cross-side scripting attack or cause an SQL injection. References ========== https://access.redhat.com/security/cve/CVE-2016-5701 https://access.redhat.com/security/cve/CVE-2016-5702 https://access.redhat.com/security/cve/CVE-2016-5703 https://access.redhat.com/security/cve/CVE-2016-5704 https://access.redhat.com/security/cve/CVE-2016-5705 https://access.redhat.com/security/cve/CVE-2016-5706 https://access.redhat.com/security/cve/CVE-2016-5730 https://access.redhat.com/security/cve/CVE-2016-5731 https://access.redhat.com/security/cve/CVE-2016-5732 https://access.redhat.com/security/cve/CVE-2016-5733 https://access.redhat.com/security/cve/CVE-2016-5739 https://www.phpmyadmin.net/security/PMASA-2016-17/ https://www.phpmyadmin.net/security/PMASA-2016-18/ https://www.phpmyadmin.net/security/PMASA-2016-19/ https://www.phpmyadmin.net/security/PMASA-2016-20/ https://www.phpmyadmin.net/security/PMASA-2016-21/ https://www.phpmyadmin.net/security/PMASA-2016-22/ https://www.phpmyadmin.net/security/PMASA-2016-23/ https://www.phpmyadmin.net/security/PMASA-2016-24/ https://www.phpmyadmin.net/security/PMASA-2016-25/ https://www.phpmyadmin.net/security/PMASA-2016-26/ https://www.phpmyadmin.net/security/PMASA-2016-27/ https://www.phpmyadmin.net/security/PMASA-2016-28/