Debian Security Advisory DSA 2167-1 (phpmyadmin) Network Vulnerability

Summary

The remote host is missing an update to phpmyadmin announced via advisory DSA 2167-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202167-1

Insight

It was discovered that phpMyAdmin, a a tool to administer MySQL over the web, when the bookmarks feature is enabled, allowed to create a bookmarked query which would be executed unintentionally by other users. For the oldstable distribution (lenny), this problem has been fixed in version 4:2.11.8.1-5+lenny8. For the stable distribution (squeeze), this problem has been fixed in version 4:3.3.7-5. For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 4:3.3.9.2-1. We recommend that you upgrade your phpmyadmin packages.

Severity

Classification

CVE CVE-2011-0987

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1098-1 (horde3)
Debian Security Advisory DSA 035-1 (man2html)
Debian Security Advisory DSA 1041-1 (abc2ps)
Debian Security Advisory DSA 1064-1 (cscope)
Debian Security Advisory DSA 1000-2 (libapreq2-perl)

Take action and discover your vulnerabilities