
CERT RENATER Advisories


Date : Fri, 29 Jan 2016 11:08:04 +0100
Type : VULN
Subject : CERT-Renater : 2016/VULN042 (Phpmyadmin : Multiple vulnerabilities fixed in Phpmyadmin)
===================================================================
                             CERT-Renater

                   Information Note No. 2016/VULN042
_____________________________________________________________________

DATE                : 29/01/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running phpMyAdmin versions 4.0.x prior to
                     4.0.10.13, 4.4.x prior to 4.4.15.3, 4.5.x prior to
                     4.5.4.

======================================================================
https://www.phpmyadmin.net/security/PMASA-2016-1/
https://www.phpmyadmin.net/security/PMASA-2016-2/
https://www.phpmyadmin.net/security/PMASA-2016-3/
https://www.phpmyadmin.net/security/PMASA-2016-4/
https://www.phpmyadmin.net/security/PMASA-2016-5/
https://www.phpmyadmin.net/security/PMASA-2016-6/
https://www.phpmyadmin.net/security/PMASA-2016-7/
https://www.phpmyadmin.net/security/PMASA-2016-8/
https://www.phpmyadmin.net/security/PMASA-2016-9/
_____________________________________________________________________

PMASA-2016-1

Announcement-ID: PMASA-2016-1

Date: 2016-01-23

Summary

Multiple full path disclosure vulnerabilities.


Description

By calling some scripts that are part of phpMyAdmin in an unexpected
way, it is possible to trigger phpMyAdmin to display a PHP error
message which contains the full path of the directory where phpMyAdmin
is installed.


Severity

We consider these vulnerabilities to be non-critical.


Mitigation factor

This path disclosure is possible on servers where the PHP configuration
directive display_errors is set to on, which is against the
recommendations given in the PHP manual for a production server.


Affected Versions

Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x 
(prior to 4.5.4) are affected.


Solution

Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or
newer or apply patch listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting these
vulnerabilities.

Assigned CVE ids: CVE-2016-2038

CWE ids: CWE-661 CWE-200


Patches

The following commits have been made on the 4.0 branch to fix this
issue:


The following commits have been made on the 4.4 branch to fix this
issue:


The following commits have been made on the 4.5 branch to fix this
issue:


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-2

Announcement-ID: PMASA-2016-2

Date: 2016-01-24

Summary

Unsafe generation of XSRF/CSRF token.


Description

The XSRF/CSRF token is generated with a weak algorithm using functions
that do not return cryptographically secure values.


Severity

We consider this vulnerability to be non-critical.


Affected Versions

Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and
4.5.x (prior to 4.5.4) are affected.


Solution

Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or
newer or apply patch listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-2039

CWE ids: CWE-661 CWE-338


Patches

The following commits have been made on the 4.0 branch to fix this
issue:

6fe54dfa000dd6f43f237e859781fad7111ac1bd

The following commits have been made on the 4.4 branch to fix this
issue:

91638c04d1f2c3977560a5b9db3ac3879a38691b

13384f7f47dadb02cfe950af0413c7d3e136df8e

The following commits have been made on the 4.5 branch to fix this
issue:

f20970d32c3dfdf82aef7b6c244da1f769043813

cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-3

Announcement-ID: PMASA-2016-3

Date: 2016-01-24


Summary

Multiple XSS vulnerabilities.


Description

With a crafted table name it is possible to trigger an XSS attack in
the database search page.

With a crafted SET value or a crafted search query, it is possible to
trigger an XSS attack in the zoom search page.

With a crafted hostname header, it is possible to trigger an XSS
attack in the home page.


Severity

We consider these vulnerabilities to be non-critical.


Mitigation factor

These vulnerabilities can be triggered only by someone who is logged in
to phpMyAdmin, as the usual token protection prevents non-logged-in
users from accessing the required pages.


Affected Versions

Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and
4.5.x (prior to 4.5.4) are affected.


Solution

Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or
newer or apply patch listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting these
vulnerabilities.

Assigned CVE ids: CVE-2016-2040

CWE ids: CWE-661 CWE-79


Patches

The following commits have been made on the 4.0 branch to fix this
issue:

9f3488fc3ab6b83618dbb4bebbea4b973764e2ac

0ce4fd2750491a54d27f94cc1403f9da21738aa6

27eb98faedcdcd0b856577fcbdfe3e87b2445345

The following commits have been made on the 4.4 branch to fix this
issue:

2b3f915f72bfe7eb9ae60a69582f041ddc55f663

75de41635d387e1c3c8d71a746241502a90c8422

1414d60cbfe01a2d08ab9d5e6a7178a6323fca68

The following commits have been made on the 4.5 branch to fix this
issue:

75a55824012406a08c4debf5ddb7ae41c32a7dbc

edffb52884b09562490081c3b8666ef46c296418

aca42efa01917cc0fe8cfdb2927a6399ca1742f2


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-4

Announcement-ID: PMASA-2016-4

Date: 2016-01-24


Summary

Insecure password generation in JavaScript.


Description

Password suggestion functionality uses Math.random() which does not
provide cryptographically secure random numbers.
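
Added example, not code from phpMyAdmin or from this advisory: a password
suggestion routine that draws from crypto.getRandomValues() instead of
Math.random() and uses rejection sampling so that every character of the
alphabet is equally likely. The function names and the 74-character alphabet
are assumptions made for the illustration.

```javascript
// Added illustration; names and alphabet are assumptions, not phpMyAdmin code.
const rng = (globalThis.crypto && globalThis.crypto.getRandomValues)
  ? globalThis.crypto              // browsers and recent Node.js
  : require('crypto').webcrypto;   // older Node.js

// 74 symbols (assumed for the example).
const ALPHABET =
  'abcdefghijklmnopqrstuvwxyz' +
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
  '0123456789' +
  '!@#$%^&*()-_';

// Return an index in [0, n) without modulo bias: bytes at or above the
// largest multiple of n that fits in 256 are discarded and redrawn.
function unbiasedIndex(n, nextByte) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError('n must be an integer in 1..256');
  }
  const limit = 256 - (256 % n);
  let b;
  do { b = nextByte(); } while (b >= limit);
  return b % n;
}

// Byte source backed by crypto.getRandomValues(), refilled 64 bytes at a time.
function csprngByteSource() {
  const buf = new Uint8Array(64);
  let pos = buf.length;
  return function () {
    if (pos === buf.length) { rng.getRandomValues(buf); pos = 0; }
    return buf[pos++];
  };
}

// nextByte is injectable so the sampling logic can be checked deterministically.
function suggestPassword(length = 16, alphabet = ALPHABET,
                         nextByte = csprngByteSource()) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[unbiasedIndex(alphabet.length, nextByte)];
  }
  return out;
}
```

With 74 symbols, a plain `byte % 74` would make the first 34 characters of the
alphabet more likely than the rest; the rejection step removes that skew.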


Severity

We consider this vulnerability to be non-critical.


Affected Versions

Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and
4.5.x (prior to 4.5.4) are affected.


Solution

Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or
newer or apply patch listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-1927

CWE ids: CWE-661 CWE-338


Patches

The following commits have been made on the 4.0 branch to fix this
issue:

6a96e67487f2faecb4de4204fee9b96b94020720

2369daa7f5f550797f560e6b46a021e4558c2d72

The following commits have been made on the 4.4 branch to fix this
issue:

8b6737735be5787d0b98c6cdfe2c7e3131b1bc95

5530a72e162fab442218486a90ff3365c96fde98

The following commits have been made on the 4.5 branch to fix this
issue:

8dedcc1a175eb07debd4fe116407c43694c60b22

912856b432d794201884c36e5f390d446339b6e4


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-5

Announcement-ID: PMASA-2016-5

Date: 2016-01-24


Summary

Unsafe comparison of XSRF/CSRF token.


Description

The comparison of the XSRF/CSRF token parameter with the value saved in
the session is vulnerable to timing attacks. Moreover, the comparison
could be bypassed if the XSRF/CSRF token matches a particular pattern.
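
Added example, not phpMyAdmin's code (which is PHP): the two properties named
in PMASA-2016-2 and PMASA-2016-5, a token taken from a CSPRNG and a
type-strict comparison that does not exit at the first differing byte,
sketched in Node.js. All function names are hypothetical, and the
loose-equality case only illustrates type coercion in general; the advisory
does not say which token pattern bypassed phpMyAdmin's check.

```javascript
// Added illustration (Node.js); function names are hypothetical.
const nodeCrypto = require('crypto');

// Token from the OS CSPRNG: 32 random bytes, hex-encoded (64 characters).
function newCsrfToken() {
  return nodeCrypto.randomBytes(32).toString('hex');
}

// Weak form, kept for contrast: `==` coerces operand types, and an ordinary
// string comparison may stop at the first character that differs.
function looseEquals(submitted, stored) {
  return submitted == stored;
}

// Hardened form: only strings are accepted, an empty stored token never
// matches, and the final comparison runs over two 32-byte HMAC digests with
// timingSafeEqual, which does not return early on a mismatch.
function tokenMatches(submitted, stored) {
  if (typeof submitted !== 'string' || typeof stored !== 'string') return false;
  if (stored.length === 0) return false;
  const key = nodeCrypto.randomBytes(32); // fresh key per call blinds the digests
  const a = nodeCrypto.createHmac('sha256', key).update(submitted, 'utf8').digest();
  const b = nodeCrypto.createHmac('sha256', key).update(stored, 'utf8').digest();
  return nodeCrypto.timingSafeEqual(a, b);
}
```

Hashing both sides first also gives timingSafeEqual the equal-length buffers
it requires, so a submitted token of the wrong length is rejected without
throwing.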


Severity

We consider this vulnerability to be serious.


Affected Versions

Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and
4.5.x (prior to 4.5.4) are affected.


Solution

Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or
newer or apply patch listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-2041

CWE ids: CWE-661 CWE-208


Patches

The following commits have been made on the 4.0 branch to fix this
issue:

fe62b69a5b032de8e1d9d0a04456c1cecf46428c

The following commits have been made on the 4.4 branch to fix this
issue:

3303b3d6c304d71da4a7d242307bf449aaa955c5

The following commits have been made on the 4.5 branch to fix this
issue:

ec0e88e37ef30a66eada1c072953f4ec385a3e49


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-6

Announcement-ID: PMASA-2016-6

Date: 2016-01-24


Summary

Multiple full path disclosure vulnerabilities.


Description

By calling some scripts that are part of phpMyAdmin in an unexpected
way, it is possible to trigger phpMyAdmin to display a PHP error
message which contains the full path of the directory where phpMyAdmin
is installed.


Severity

We consider these vulnerabilities to be non-critical.


Mitigation factor

This path disclosure is possible on servers where the PHP configuration
directive display_errors is set to on, which is against the
recommendations given in the PHP manual for a production server.


Affected Versions

Versions 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are
affected.


Solution

Upgrade to phpMyAdmin 4.4.15.3 or newer, 4.5.4 or newer or apply patch
listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting these
vulnerabilities.

Assigned CVE ids: CVE-2016-2042

CWE ids: CWE-661 CWE-200


Patches

The following commits have been made on the 4.4 branch to fix this
issue:

3b96f3600651163b8c1d9b6ff7ebd0b142412993

The following commits have been made on the 4.5 branch to fix this
issue:

5a3de108f26e4b0dddadddbe8ccdb1dd5526771f


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-7

Announcement-ID: PMASA-2016-7

Date: 2016-01-24


Summary

XSS vulnerability in normalization page.


Description

With a crafted table name it is possible to trigger an XSS attack in
the database normalization page.


Severity

We consider this vulnerability to be non-critical.


Mitigation factor

This vulnerability can be triggered only by someone who is logged in to
phpMyAdmin, as the usual token protection prevents non-logged-in users
from accessing the required page.


Affected Versions

Versions 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are
affected.


Solution

Upgrade to phpMyAdmin 4.4.15.3 or newer, 4.5.4 or newer or apply patch
listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-2043

CWE ids: CWE-661 CWE-79


Patches

The following commits have been made on the 4.4 branch to fix this
issue:

8f86713de6163ccd0f8bd9987251a9d17feaee18

The following commits have been made on the 4.5 branch to fix this
issue:

019c4f25d500ec5db9ba3b84cc961a7e4e850738


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-8

Announcement-ID: PMASA-2016-8

Date: 2016-01-24


Summary

Full path disclosure vulnerability in SQL parser.


Description

By calling a particular script that is part of phpMyAdmin in an
unexpected way, it is possible to trigger phpMyAdmin to display a PHP
error message which contains the full path of the directory where
phpMyAdmin is installed.


Severity

We consider this vulnerability to be non-critical.


Mitigation factor

This path disclosure is possible on servers where the PHP configuration
directive display_errors is set to on, which is against the
recommendations given in the PHP manual for a production server.


Affected Versions

Versions 4.5.x (prior to 4.5.4) are affected.


Solution

Upgrade to phpMyAdmin 4.5.4 or newer or apply patch listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting these
vulnerabilities.

Assigned CVE ids: CVE-2016-2044

CWE ids: CWE-661 CWE-200


Patches

The following commits have been made on the 4.5 branch to fix this
issue:

c57d3cc7b97b5f32801032f7bb222297aa97dfea

More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

_____________________________________________________________________

PMASA-2016-9

Announcement-ID: PMASA-2016-9

Date: 2016-01-24


Summary

XSS vulnerability in SQL editor.


Description

With a crafted SQL query, it is possible to trigger an XSS attack in
the SQL editor.


Severity

We consider this vulnerability to be non-critical.


Mitigation factor

This vulnerability can be triggered only by someone who is logged in to
phpMyAdmin, as the usual token protection prevents non-logged-in users
from accessing the required pages.


Affected Versions

Versions 4.5.x (prior to 4.5.4) are affected.


Solution

Upgrade to phpMyAdmin 4.5.4 or newer or apply patch listed below.


References

Thanks to Emanuel Bronshtein @e3amn2l for reporting these
vulnerabilities.

Assigned CVE ids: CVE-2016-2045

CWE ids: CWE-661 CWE-79


Patches

The following commits have been made on the 4.5 branch to fix this
issue:

0a24f92d081033576bfdd9d4bdec1a54501734c1

11496890d7e21786cbfd9fd17ab968f498116b3f


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.


==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
