====================================================================
CERT-Renater Information Note No. 2016/VULN230
_____________________________________________________________________
DATE : 26/05/2016
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running phpMyAdmin versions prior to 4.6.2, 4.4.15.6.
======================================================================
https://www.phpmyadmin.net/security/PMASA-2016-14/
https://www.phpmyadmin.net/security/PMASA-2016-15/
https://www.phpmyadmin.net/security/PMASA-2016-16/
____________________________________________________________________
PMASA-2016-14

Announcement-ID: PMASA-2016-14
Date: 2016-05-25

Summary
Sensitive Data in URL GET Query Parameters

Description
Because user SQL queries are part of the URL, sensitive information contained in a user query can be exposed to attackers monitoring GET query parameters when the user clicks on an external link, and it is also recorded in the webserver logs.

Severity
We consider this to be non-critical.

Mitigation factor
Avoid clicking on external links in phpMyAdmin which are not redirected through the url.php script.

Affected Versions
All versions prior to 4.6.2 are affected.

Solution
Upgrade to phpMyAdmin 4.6.2 or newer, or apply the patches listed below.

References
Assigned CVE ids: pending
CWE ids: CWE-661

Patches
The following commits have been made to fix this issue:
11eb574242d2526107366d367ab5585fbe29578f
5fc8020c5ba9cd2e38beb5dfe013faf2103cdf0f
8326aaebe54083d9726e153abdd303a141fe5ad3
59e56bd63a5e023b797d82eb272cd074e3b4bfd1

More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
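Added example, not code from phpMyAdmin or CERT-Renater: a Python scan of webserver access logs for the exposure PMASA-2016-14 describes, SQL text carried in GET query strings, plus a redaction helper for log retention. It assumes the Apache combined log format and a `/phpmyadmin/` install path; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Apache "combined" log format, one request per line (an assumption of this
# example; adapt LOG_RE to the format your server actually writes).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<rest>.*)$'
)
# Statement keywords that usually mean data or credentials are in the query.
SQL_RE = re.compile(
    r'\b(SELECT|INSERT|UPDATE|DELETE|GRANT|CREATE\s+USER|SET\s+PASSWORD|IDENTIFIED\s+BY)\b',
    re.IGNORECASE,
)
PMA_PREFIX = '/phpmyadmin/'  # assumed install path

def sql_params(target):
    """Return [(name, decoded value)] for query parameters whose value looks like SQL."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if SQL_RE.search(v)]

def scan_access_log(lines):
    """Flag GET requests to phpMyAdmin whose URL carries SQL text.

    Such URLs sit in the access log and travel in the Referer header when the
    user follows an external link, which is the exposure PMASA-2016-14 describes.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line.rstrip('\n'))
        if not m or m['method'] != 'GET' or not m['target'].startswith(PMA_PREFIX):
            continue
        for name, value in sql_params(m['target']):
            findings.append({'ip': m['ip'], 'time': m['ts'], 'param': name, 'sql': value})
    return findings

def redact_line(line):
    """Rewrite one log line so SQL-carrying parameter values are not retained."""
    s = line.rstrip('\n')
    m = LOG_RE.match(s)
    if not m or not sql_params(m['target']):
        return s
    parts = urlsplit(m['target'])
    clean = [(k, 'REDACTED' if SQL_RE.search(v) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = urlunsplit(parts._replace(query=urlencode(clean)))
    return s[:m.start('target')] + target + s[m.end('target'):]

# Constructed sample lines (not real traffic): one leaking query, one harmless request.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/May/2016:10:01:02 +0200] "GET /phpmyadmin/sql.php?db=app&sql_query=SELECT+password+FROM+users+WHERE+id%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [26/May/2016:10:01:09 +0200] "GET /phpmyadmin/index.php?db=app HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

Run `scan_access_log(open('access.log'))` over a real log to list the leaking requests, and `redact_line` over each line before archiving.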
____________________________________________________________________
PMASA-2016-15

Announcement-ID: PMASA-2016-15
Date: 2016-05-25

Summary
File Traversal Protection Bypass on Error Reporting

Description
A specially crafted payload could result in the error reporting component exposing whether an arbitrary file exists on the file system and the size of that file. The attacker must be able to intercept and modify the user's POST data and must be able to trigger a JavaScript error for the user.

Severity
We consider this to be non-critical.

Mitigation factor
This attack can be mitigated in affected installations by setting `$cfg['Servers'][$i]['SendErrorReports'] = 'never';`. Upgrading to a more recent development commit is suggested.

Affected Versions
Git 'master' development branch. No released version was vulnerable.

Unaffected Versions
No released version is affected, as releases use precalculated data.

Solution
Upgrade to a more recent snapshot or release version.

References
Assigned CVE ids: pending
CWE ids: CWE-661

Patches
The following commits have been made to fix this issue:
d2dc9481d2af25b035778c67eaf0bfd2d2c59dd8

More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
____________________________________________________________________
PMASA-2016-16

Announcement-ID: PMASA-2016-16
Date: 2016-05-25

Summary
Self XSS

Description
A specially crafted attack could allow special HTML characters to be passed as URL-encoded values and displayed back as special characters in the page.

Severity
We consider this to be non-critical.

Affected Versions
Versions 4.4.x (prior to 4.4.15.6) and 4.6.x (prior to 4.6.2) are affected.

Solution
Upgrade to phpMyAdmin 4.4.15.6 or 4.6.2 or newer, or apply the patch listed below.
References
Assigned CVE ids: pending
CWE ids: CWE-661

Patches
The following commits have been made on the 4.6 branch to fix this issue:
b061096abd992801fbbd805ef6ff74e627528780
The following commits have been made on the 4.4 branch to fix this issue:
78e71897be0902eb1d5d3d30a33b4417cd7d4d87

More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris           | email: cert@support.renater.fr  +
==========================================================