-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1402
      A number of vulnerabilities have been identified in phpMyAdmin
                              18 August 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           phpMyAdmin
Publisher:         phpMyAdmin
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-5274 CVE-2014-5273

Original Bulletin:
   http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
   http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php

Comment: This bulletin contains two (2) phpMyAdmin security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

PMASA-2014-8

Announcement-ID: PMASA-2014-8

Date: 2014-08-17

Summary

Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query
charts and table relations pages

Description

With a crafted database, table or a primary/unique key column name it is
possible to trigger an XSS when dropping a row from the table.

With a crafted column name it is possible to trigger an XSS in the ENUM
editor dialog.

With a crafted variable name or a crafted value for unit field it is
possible to trigger a self-XSS when adding a new chart in the monitor page.

With a crafted value for x-axis label it is possible to trigger a self-XSS
in the query chart page.

With a crafted relation name it is possible to trigger an XSS in table
relations page.

Severity

We consider these vulnerabilities to be non critical.

Mitigation factor

These vulnerabilities can be triggered only by someone who is logged in to
phpMyAdmin, as the usual token protection prevents non-logged-in users from
accessing the required pages.

Affected Versions

Versions 4.0.x (prior to 4.0.10.2), 4.1.x (prior to 4.1.14.3) and 4.2.x
(prior to 4.2.7.1) are affected.

Solution

Upgrade to phpMyAdmin 4.0.10.2 or newer, or 4.1.14.3 or newer, or 4.2.7.1
or newer, or apply the patches listed below.

References

Thanks to Ashutosh Dhundhara for reporting the vulnerability in table
relations page.

Assigned CVE ids: CVE-2014-5273

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

647c9d12e33a6b64e1c3ff7487f72696bdf2dccb
2c45d7caa614afd71dbe3d0f7270f51ce5569614
cd9f302bf7f91a160fe7080f9a612019ef847f1c
90ddeecf60fc029608b972e490b735f3a65ed0cb
3ffc967fb60cf2910cc2f571017e977558c67821

The following commits have been made on the 4.1 branch to fix this issue:

2d394521197f81dce0d9529b2d86ed24760b5b2a
1956420ddab0595016ba2b3af89f7f82d39f5afa
69f746b7dc09f7b1a18b09de0b5cd71f0bcd0a3d
bbd20b54864a389c7a0cd2c4d4715f00b81a03e9
5519905a2519d9a102b172432448c7e91d5601a6

The following commits have been made on the 4.0 branch to fix this issue:

285ed5b8d3bc9279fe6ed01da8151ed66be9b137
0433d463b6c05ea7b1080995414268fe0a449b00
3668255202062dd7d60bff70236302084e73fc11
03b92aa6e923f2b4a54b298cc0042548ff7ba89b
098caf93b63d4928e4df53310222c8727d0be9fe

More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

- -------------------------------------------------------------------------------

PMASA-2014-9

Announcement-ID: PMASA-2014-9

Date: 2014-08-17

Summary

XSS in view operations page.

Description

With a crafted view name it is possible to trigger an XSS when dropping the
view in view operation page.

Severity

We consider this vulnerability to be non critical.

Mitigation factor

This vulnerability can be triggered only by someone who is logged in to
phpMyAdmin, as the usual token protection prevents non-logged-in users from
accessing the required pages.

Affected Versions

Versions 4.1.x (prior to 4.1.14.3) and 4.2.x (prior to 4.2.7.1) are
affected.

Solution

Upgrade to phpMyAdmin 4.1.14.3 or newer, or 4.2.7.1 or newer, or apply the
patch listed below.

References

Assigned CVE ids: CVE-2014-5274

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

0cd293f5e13aa245e4a57b8d373597cc0e421b6f

The following commits have been made on the 4.1 branch to fix this issue:

65eef3d65411b985250487e14f1121754a91c6d5

More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU/FdxxLndAQH1ShLAQJ9nA/+LJfWp7ewBNpRtNkK3SgisEdhqurM8i6U
epv1gQ1hjdtjH9qzNl0iLQyrDc5Q1v/yMNVGRHDOjnZx9s/B46iEyhtwc9nyg0mF
5i8EUuFr8vl7aUi5ggN1YN9bE1//QiNj8pW71txGD8IQPgeDZpd57zdz4vr/TazN
8H0XXhzRdU1a8cUAnU5+3EqQAS209yqmShb2QwV4FWI2i+8vU8tDcx/uTnukucex
kxFt4/Kw8TTaU58QynNm5BYSw6JvmyppzAjJ33WoRgX/k43u9LnqRy1//uI6NI18
9cjx8jrOgfLZ9a6H1SSuqe53LRDfPIhyYniLK9c+zTNpIXQUc7fkNp5nVr2UWP9X
RFZh6l0GS9IdInTYSdiwTek2MyuFVIXvVUlthxB6CA0h9jb55erQY0IdKrpwX2ih
RlsVkPDgpq7bIUkLi5YHr9/YtEwV1RI/CY8y8XwwH54eHmuzFVrLA6xpFyAphe2S
kPb0bgx4x2sj8U5vZgCCeQFpMAlZkBkf4JeFa4XwsXjWn7FKsJwRMRt1dlNzD4PC
qqmt3+4N/kxpLeG+j3XFvIvlzdGnv30D7tWJbLy6IkgdHJIB5JLjSlnt6U7xYQsC
9CzCXPvk7Dogs9Twtr7QwQFPWqBck95VNmUd8yq3oNiDHTyKKUwnDobWuuC4L8wC
DP+tFQ5yoVk=
=Xu3v
-----END PGP SIGNATURE-----
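Both advisories above describe the same class of defect: a database, table, column, view or relation name chosen by a logged-in user is rendered into a page without being encoded for the HTML context it lands in. The following PHP snippet is an added illustration written for this bulletin and is not phpMyAdmin code or any of the listed patches; the function names (`renderDropLinkVulnerable`, `renderDropLinkHardened`, `h`), the `sql.php` URL and the sample identifier are constructed for the example. It shows the unsafe interpolation pattern beside the hardened form, which URL-encodes the identifier for the query string and HTML-encodes it for attribute and text context.

```php
<?php
// Added example (not phpMyAdmin code): rendering a user-controlled
// identifier such as a table name into HTML.

declare(strict_types=1);

/** HTML-encode for use inside element text or a double-quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Vulnerable pattern: the identifier is concatenated into the markup raw.
 * A name containing a double quote and a '<' closes the attribute and
 * injects markup, which is the failure mode the advisories describe.
 */
function renderDropLinkVulnerable(string $db, string $table): string
{
    return '<a href="sql.php?db=' . $db . '&table=' . $table . '">'
        . 'Drop row from ' . $table . '</a>';
}

/**
 * Hardened pattern: encode once per context. http_build_query() handles
 * the query-string context; h() handles the HTML attribute and text
 * contexts (it also turns the '&' between parameters into '&amp;').
 */
function renderDropLinkHardened(string $db, string $table): string
{
    $query = http_build_query(['db' => $db, 'table' => $table]);
    return '<a href="' . h('sql.php?' . $query) . '">'
        . 'Drop row from ' . h($table) . '</a>';
}

// Constructed sample identifier of the kind the advisory calls "crafted".
$db    = 'shop';
$table = 'orders"><b>injected</b>';

echo "Vulnerable: ", renderDropLinkVulnerable($db, $table), PHP_EOL;
echo "Hardened:   ", renderDropLinkHardened($db, $table), PHP_EOL;
```

Run with `php example.php`: the first line prints the sample name's `<b>` tag verbatim inside the anchor, while the second prints `&quot;&gt;&lt;b&gt;` so the browser treats it as literal text. The same rule applies to the monitor-page and query-chart "self-XSS" cases: a value the user typed is still untrusted once it is echoed back into the page, so it is encoded for its output context rather than trusted because it came from an authenticated session.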