
=====================================================================

                           CERT-Renater

               Information Note No. 2015/VULN014
_____________________________________________________________________

DATE                : 13/03/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running phpMyAdmin 4.0.x prior to 4.0.10.9,
                           4.2.x prior to 4.2.13.2, or 4.3.x prior to 4.3.11.1.

======================================================================
http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php
______________________________________________________________________


PMASA-2015-1

Announcement-ID: PMASA-2015-1

Date: 2015-03-04


Summary

Risk of BREACH attack due to reflected parameter.


Description

With a large number of crafted requests it was possible to infer the
CSRF token by a BREACH attack.
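Added example, not taken from the advisory or from phpMyAdmin's code: a Python self-test showing why a page that embeds the CSRF token next to a reflected request parameter lets the compressed response length depend on how much of the token the reflected text shares, and a per-response token mask (the standard BREACH countermeasure, assumed here; the page does not say how phpMyAdmin fixed it) that removes the literal token from the body. The sample token, mask and HTML template are constructed.

```python
import secrets
import zlib

# Constructed sample CSRF token (not a real phpMyAdmin value).
TOKEN = bytes.fromhex("4f9a1c7e0b3d5c61")


def page(token_field: str, reflected: str) -> bytes:
    """Constructed template: a hidden token field plus an echoed request
    parameter, i.e. secret and attacker-controlled text in one compressed body."""
    return (f'<html><body><input type="hidden" name="token" value="{token_field}">'
            f'<p>You searched for: {reflected}</p></body></html>').encode()


def render_plain(token: bytes, reflected: str) -> bytes:
    """Vulnerable pattern: the raw token hex is written into the page."""
    return page(token.hex(), reflected)


def mask_token(token: bytes, mask: bytes) -> str:
    """Per-response masking (assumed countermeasure): emit mask || (token XOR mask),
    so the literal token bytes never appear and the encoding differs every response."""
    return (mask + bytes(t ^ m for t, m in zip(token, mask))).hex()


def unmask_token(masked_hex: str) -> bytes:
    """Server side: recover the real token from the submitted masked form."""
    raw = bytes.fromhex(masked_hex)
    half = len(raw) // 2
    return bytes(c ^ m for c, m in zip(raw[half:], raw[:half]))


def render_masked(token: bytes, reflected: str, mask=None) -> bytes:
    """Hardened pattern: a fresh random mask per response (fixed mask only for tests)."""
    mask = mask or secrets.token_bytes(len(token))
    return page(mask_token(token, mask), reflected)


def compressed_size(body: bytes) -> int:
    # HTTP gzip/deflate is what BREACH observes; zlib uses the same DEFLATE codec.
    return len(zlib.compress(body))


def leaks_token(render, token: bytes, min_gain: int = 4) -> bool:
    """Template self-test run by the site owner, who knows the token: reflect the
    real token and an unrelated hex string of the same length. If the real one
    compresses noticeably smaller, DEFLATE found a back-reference to the secret
    and the response length is a side channel for it."""
    wrong = "0123456789abcdef"[:len(token.hex())]
    gain = compressed_size(render(wrong)) - compressed_size(render(token.hex()))
    return gain >= min_gain
```

With the raw token in the body `leaks_token` reports a leak for the plain renderer and none for the masked one, while `unmask_token` still recovers the token on the server.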


Severity

We consider this vulnerability to be non critical.


Mitigation factor

This vulnerability can only be exploited in the presence of another
vulnerability that allows the attacker to inject JavaScript into the
victim's browser.


Affected Versions

Versions 4.0.x (prior to 4.0.10.9), 4.2.x (prior to 4.2.13.2) and 4.3.x
(prior to 4.3.11.1) are affected.


Solution

Upgrade to phpMyAdmin 4.0.10.9 or newer, or 4.2.13.2 or newer, or
4.3.11.1 or newer, or apply the patch listed below.


References

Thanks to Jian Jiang (https://www.linkedin.com/pub/jian-jiang/3a/660/775)
and Xiaofeng Zheng (iliwoy@gmail.com) for reporting this vulnerability.

Assigned CVE ids: CVE-2015-2206

CWE ids: CWE-661 CWE-352


Patches

The following commits have been made to fix this issue:

    b2f1e895038a5700bf8e81fb9a5da36cbdea0eeb

The following commits have been made on the 4.2 branch to fix this
issue:

    d0f109dfe3b345094d7ceb49df0dbb68efc032ed

The following commits have been made on the 4.0 branch to fix this
issue:

    e1a68ad02c5b1a516b3787ce114ef6a6be004630

More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.


=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
