Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: plugins
phpMyAdmin_remote_cmd.nasl (script id 15748)
 

Index | Next | Previous | View Flat


simon at westpoint

Dec 4, 2008, 6:51 AM


Views: 2654
Permalink
phpMyAdmin_remote_cmd.nasl (script id 15748)

According to the CVE-2004-2630[1] and the advisory from the phpMyAdmin
team[2] only phpMyAdmin versions 2.5.0 to 2.6.0-pl1 have the command
execution vulnerability described by phpMyAdmin_remote_cmd.nasl (script
id 15748). Bugtraq says different[3].

If that's the case, the version pattern can be changed from:

(2\.[0-5]\..*|2\.6\.0$|2\.6\.0-pl1)

to:

(2\.5\..*|2\.6\.0$|2\.6\.0-pl1)

(patch attached)

[1]: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2630
[2]: http://www.phpmyadmin.net/home_page/security/PMASA-2004-2.php
[3]: http://www.securityfocus.com/bid/11391/

Regards
--
Simon Ward

Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
Attachments: phpMyAdmin_remote_cmd-2.5.patch (0.39 KB)

Subject User Time
phpMyAdmin_remote_cmd.nasl (script id 15748) simon at westpoint Dec 4, 2008, 6:51 AM
    Re: phpMyAdmin_remote_cmd.nasl (script id 15748) theall at tenablesecurity Dec 8, 2008, 12:47 PM

  Index | Next | Previous | View Flat
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.