FreeBSD : phpmyadmin -- SQL injection vulnerability (ce2f2ade-e7df-11dc-a701-000bcdc1757a)

NASLDB: FreeBSD : phpmyadmin -- SQL injection vulnerability (ce2f2ade-e7df-11dc-a701-000bcdc1757a)

General

ID: 31377
Name: FreeBSD : phpmyadmin — SQL injection vulnerability (ce2f2ade-e7df-11dc-a701-000bcdc1757a)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

A phpMyAdmin security announcement report :

phpMyAdmin used the $_REQUEST superglobal as a source for its
parameters, instead of $_GET and $_POST. This means that on most
servers, a cookie with the same name as one of phpMyAdmin’s parameters
can interfere.

Another application could set a cookie for the root path ‘/’ with a
‘sql_query’ name, therefore overriding the user-submitted sql_query
because by default, the $_REQUEST superglobal imports first GET, then
POST then COOKIE data. Mitigation factor An attacker must trick the
victim into visiting a page on the same web server where he has placed
code that creates a malicious cookie.

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2008-1149
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2008/03/01
Patch Release: 2008/03/04
Plugin Release: 2008/03/07

Plugin

Version: 1.15
Filename: freebsd_pkg_ce2f2adee7df11dca701000bcdc1757a.nasl
Filesize: 4961 bytes
MD5 Hash: 533b554e8b326ac917c27d7a18113b7a

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG