====================================================================
                          CERT-Renater
                Information Note No. 2012/VULN414
____________________________________________________________________

DATE                 : 16/10/2012

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running phpMyAdmin versions 3.5.x
                       prior to 3.5.3.

====================================================================
http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php
http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php
____________________________________________________________________

PMASA-2012-6

Announcement-ID: PMASA-2012-6
Date: 2012-10-12

Summary
Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.

Description
When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS.

Severity
We consider these vulnerabilities to be non critical.

Mitigation factor
These XSS can only be triggered when a crafted value is entered by the user.

Affected Versions
Versions 3.5.x are affected.

Solution
Upgrade to phpMyAdmin 3.5.3 or newer or apply the patches listed below.

References
Thanks to Maxim Rupp for reporting an issue when creating an event.
Assigned CVE ids: CVE-2012-5339
CWE ids: CWE-661 CWE-79

Patches
The following commits have been made to fix this issue:
cfd688d2512df9827a8ecc0412fc264fc5bcb186
6ea8fad3f999bfdf79eb6fe31309592bca54d611

More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

____________________________________________________________________

PMASA-2012-7

Announcement-ID: PMASA-2012-7
Date: 2012-10-12

Summary
Fetching the version information from a non-SSL site is vulnerable to a MITM attack.

Description
To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in non-SSL mode.
A man-in-the-middle could modify this script on the wire to cause mischief.

Severity
We consider this vulnerability to be non critical.

Affected Versions
Versions 3.5.x before 3.5.3 are affected.

Solution
Upgrade to phpMyAdmin 3.5.3 or newer or apply the patches listed below. The fix involves fetching a JSON file rather than a JavaScript file.

References
Thanks to Mike Cardwell for reporting this issue and suggesting workarounds.
Assigned CVE ids: CVE-2012-5368
CWE ids: CWE-661 CWE-300

Patches
The following commits have been made to fix this issue:
50edafc0884aa15d0a1aa178089ac6a1ad2eb18a
a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0

More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

____________________________________________________________________
====================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================
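
Added example (not part of the advisory and not phpMyAdmin's code): the PMASA-2012-7 fix replaces a fetched script with a JSON file, so the response can be parsed as data and validated before anything is displayed. The field names "version" and "date", the function names and the sample responses are assumptions constructed for this illustration.

```javascript
// Added illustration, not phpMyAdmin code. Field names "version" and "date"
// are assumed; the sample responses at the bottom are constructed.
const VERSION_RE = /^\d{1,3}(\.\d{1,3}){1,3}$/;
const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;

// Parse the response body strictly as data. Anything that is not a JSON
// object with well-formed version and date strings is rejected.
function parseVersionResponse(body) {
  let doc;
  try {
    doc = JSON.parse(body); // data only: no eval(), no <script> injection
  } catch (e) {
    return null;
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) return null;
  const { version, date } = doc;
  if (typeof version !== "string" || !VERSION_RE.test(version)) return null;
  if (typeof date !== "string" || !DATE_RE.test(date)) return null;
  return { version, date };
}

// Numeric, component-wise comparison: true when latest > current.
function isNewer(current, latest) {
  const a = current.split(".").map(Number);
  const b = latest.split(".").map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return y > x;
  }
  return false;
}

// Build the notice as plain text; a page would assign it with textContent,
// not innerHTML, so even an accepted value is never interpreted as markup.
function versionNotice(current, body) {
  const info = parseVersionResponse(body);
  if (!info) return "Version check failed";
  return isNewer(current, info.version)
    ? `Newer version available: ${info.version} (released ${info.date})`
    : "Up to date";
}

// Constructed sample responses: a valid one, a script body where JSON is
// expected, and a JSON body carrying markup in the version field.
const SAMPLE_OK = '{"version": "3.5.3", "date": "2012-10-12"}';
const SAMPLE_SCRIPT = 'var PMA_latest_version = "3.5.3";';
const SAMPLE_MARKUP = '{"version": "<b>3.5.3</b>", "date": "2012-10-12"}';
```

A modified response can still report a wrong version number if it passes validation; the parse-and-validate step only ensures the response is never executed or rendered as markup.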