
Mailing List Archive: Nessus: plugins

phpMyAdmin_remote_cmd.nasl (script id 15748)

 

 



simon at westpoint

Dec 4, 2008, 6:51 AM

Post #1 of 2 (2325 views)
phpMyAdmin_remote_cmd.nasl (script id 15748)

According to the CVE-2004-2630[1] and the advisory from the phpMyAdmin
team[2] only phpMyAdmin versions 2.5.0 to 2.6.0-pl1 have the command
execution vulnerability described by phpMyAdmin_remote_cmd.nasl (script
id 15748). Bugtraq says different[3].

If that's the case, the version pattern can be changed from:

(2\.[0-5]\..*|2\.6\.0$|2\.6\.0-pl1)

to:

(2\.5\..*|2\.6\.0$|2\.6\.0-pl1)

(patch attached)

[1]: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2630
[2]: http://www.phpmyadmin.net/home_page/security/PMASA-2004-2.php
[3]: http://www.securityfocus.com/bid/11391/

Regards
--
Simon Ward

Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
Attachments: phpMyAdmin_remote_cmd-2.5.patch (0.39 KB)


theall at tenablesecurity

Dec 8, 2008, 12:47 PM

Post #2 of 2 (2155 views)
Re: phpMyAdmin_remote_cmd.nasl (script id 15748)

On Dec 4, 2008, at 9:51 AM, Simon Ward wrote:

> According to the CVE-2004-2630[1] and the advisory from the
> phpMyAdmin team[2] only phpMyAdmin versions 2.5.0 to 2.6.0-pl1 have
> the command execution vulnerability described by
> phpMyAdmin_remote_cmd.nasl (script id 15748). Bugtraq says
> different[3].
>
> If that's the case, the version pattern can be changed from:
>
> (2\.[0-5]\..*|2\.6\.0$|2\.6\.0-pl1)
>
> to:
>
> (2\.5\..*|2\.6\.0$|2\.6\.0-pl1)

Thanks. I've updated the plugin to report only versions 2.5.0 - 2.6.0-pl1
as affected, per phpMyAdmin's advisory. A new revision should
become available via the plugin feed in a couple of hours.

George
--
theall [at] tenablesecurity



_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers
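
Added example (not part of the original thread and not the plugin's own NASL code): a Python check of the two version patterns quoted above against constructed version strings, listing which versions stop being reported after the change. It assumes the pattern is matched from the start of the detected version string; the thread does not show the surrounding plugin code.

```python
import re

# The two patterns quoted in the thread.
OLD_PATTERN = r"(2\.[0-5]\..*|2\.6\.0$|2\.6\.0-pl1)"
NEW_PATTERN = r"(2\.5\..*|2\.6\.0$|2\.6\.0-pl1)"

# Constructed sample version strings (not taken from real scan output).
# "2.6.0-pl10" is a hypothetical string, included because the third
# alternative in both patterns has no end anchor.
SAMPLE_VERSIONS = [
    "2.2.7-pl1", "2.4.0", "2.5.0", "2.5.7-pl1", "2.6.0",
    "2.6.0-pl1", "2.6.0-pl2", "2.6.0-pl10", "2.6.1", "2.11.9",
]


def flagged(pattern, version):
    """Return True if `version` would be reported under `pattern`.

    Assumption: the pattern is applied from the start of the version
    string (re.match), with no extra anchoring added by the caller.
    """
    return re.match(pattern, version) is not None


def compare(versions=SAMPLE_VERSIONS):
    """Return (version, flagged_by_old, flagged_by_new) for each sample."""
    return [(v, flagged(OLD_PATTERN, v), flagged(NEW_PATTERN, v))
            for v in versions]


def no_longer_flagged(versions=SAMPLE_VERSIONS):
    """Versions the old pattern reported that the new one does not."""
    return [v for v, old, new in compare(versions) if old and not new]


def newly_flagged(versions=SAMPLE_VERSIONS):
    """Versions only the new pattern reports (expected: none)."""
    return [v for v, old, new in compare(versions) if new and not old]


if __name__ == "__main__":
    print(f"{'version':<12} {'old':<6} {'new':<6}")
    for v, old, new in compare():
        print(f"{v:<12} {str(old):<6} {str(new):<6}")
    print("no longer flagged:", no_longer_flagged())
    print("newly flagged:", newly_flagged())
```
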
