Solution
Please install the updated packages.
Insight
Multiple vulnerabilities have been found and corrected in phpmyadmin:
error.php in phpMyAdmin 3.3.8.1 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing @ characters, as demonstrated using [a@url@page] (CVE-2010-4480).
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function (CVE-2010-4481).
This upgrade provides the latest phpmyadmin version for MES5 (3.3.9) and patches the version for CS4 to address these vulnerabilities.
Affected
phpmyadmin on Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64
Severity
Classification
CVE: CVE-2010-4480, CVE-2010-4481
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities