Closed
Opened Jul 21, 2014 by Alexander Belous@belousa

phpmyadmin: multiple issues (CVE-2014-4987 CVE-2014-4986 CVE-2014-4955 CVE-2014-4954)

CVE-2014-4987:
An unprivileged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages. Moreover, the configuration storage must be set up for the user groups feature.

Affected Versions: versions 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6); so only Alpine Linux v3.0 is affected.

Solution: upgrade to phpMyAdmin 4.1.14.2 or newer, or 4.2.6 or newer, or apply the patch:
4.2 branch: https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
4.1 branch: https://github.com/phpmyadmin/phpmyadmin/commit/45550b8cff06ad128129020762f9b53d125a6934

References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php

CVE-2014-4986:
With a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when dropping or truncating the table in table operations page. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.

Affected Versions: versions 4.0.x (prior to 4.0.10.1), 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6); so Alpine Linux v3.0, v2.7, v2.6 are affected.

Solution: upgrade to phpMyAdmin 4.0.10.1 or newer, or 4.1.14.2 or newer, or 4.2.6 or newer, or apply the patch:
4.2 branch: https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d
4.1 branch: https://github.com/phpmyadmin/phpmyadmin/commit/cd5697027a2ee7e1f7d7000b23be6051cdb0516c
4.0 branch: https://github.com/phpmyadmin/phpmyadmin/commit/a92753bd65e1f8b72c46ed3dda6c362628e0daf7

References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php

CVE-2014-4955:
When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required page.

Affected Versions: versions 4.0.x (prior to 4.0.10.1), 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6); so Alpine Linux v3.0, v2.7, v2.6 are affected.

Solution: upgrade to phpMyAdmin 4.0.10.1 or newer, or 4.1.14.2 or newer, or 4.2.6 or newer, or apply the patch:
4.2 branch: https://github.com/phpmyadmin/phpmyadmin/commit/10014d4dc596b9e3a491bf04f3e708cf1887d5e1
4.1 branch: https://github.com/phpmyadmin/phpmyadmin/commit/511c596b175889b8e6b9c423e352ca64fa20af2b
4.0 branch: https://github.com/phpmyadmin/phpmyadmin/commit/1b5592435617fa1b9dd68e2dc263de64c69fdc8a

References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php

CVE-2014-4954:
With a crafted table comment, it is possible to trigger an XSS in database structure page. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required page.

Affected Versions: versions 4.2.x (prior to 4.2.6); so only Alpine Linux v3.0 is affected.

Solution: upgrade to phpMyAdmin 4.2.6 or newer, or apply the patch: https://github.com/phpmyadmin/phpmyadmin/commit/57475371a5b515c83bfc1bb2efcdf3ddb14787ed

References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php

(from redmine: issue id 3198, created on 2014-07-21, closed on 2014-07-24)

  • Relations:
    • child #3199 (closed)
    • child #3200 (closed)
    • child #3201 (closed)
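The four advisories above each give a per-branch fixed version (4.0.10.1, 4.1.14.2, 4.2.6), which is easy to misjudge by string comparison ("4.2.10" sorts before "4.2.6" lexically). The following is an added example, not code from the issue or from the phpMyAdmin or Alpine projects: it encodes the fixed versions exactly as the issue states them and reports which of the listed CVEs still apply to a given installed release. It assumes an Alpine-style package revision suffix such as `-r0` may follow the upstream version and strips it before comparing; branches the advisories do not mention are treated as not affected, following the "Affected Versions" statements.

```python
# Added example (not part of the original issue): check an installed phpMyAdmin
# release against the fixed versions stated in the four advisories above.

# Fixed version per affected branch, transcribed from the issue text.
ADVISORIES = {
    "CVE-2014-4987": {"4.1": "4.1.14.2", "4.2": "4.2.6"},
    "CVE-2014-4986": {"4.0": "4.0.10.1", "4.1": "4.1.14.2", "4.2": "4.2.6"},
    "CVE-2014-4955": {"4.0": "4.0.10.1", "4.1": "4.1.14.2", "4.2": "4.2.6"},
    "CVE-2014-4954": {"4.2": "4.2.6"},
}


def parse_version(text):
    """Turn '4.1.14.2' into (4, 1, 14, 2) so that tuple comparison orders
    releases numerically. Assumption: an Alpine package revision such as
    '-r0' may be appended and is dropped before parsing."""
    core = text.split("-", 1)[0]
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            raise ValueError("unexpected version component %r in %r" % (piece, text))
        parts.append(int(piece))
    if len(parts) < 2:
        raise ValueError("need at least major.minor in %r" % text)
    return tuple(parts)


def branch_of(version):
    """Return the 'major.minor' branch key used in ADVISORIES."""
    return "%d.%d" % version[:2]


def open_cves(installed):
    """Return the sorted CVE ids from the issue whose fix is newer than the
    installed release. A branch absent from an advisory's fixed-version map
    is not affected by that advisory."""
    inst = parse_version(installed)
    branch = branch_of(inst)
    result = []
    for cve, fixed_by_branch in ADVISORIES.items():
        fixed = fixed_by_branch.get(branch)
        if fixed is not None and inst < parse_version(fixed):
            result.append(cve)
    return sorted(result)


if __name__ == "__main__":
    # Constructed sample versions: one below each fix, one at the fix, one
    # newer branch the advisories do not list.
    for v in ("4.0.10", "4.1.14.1", "4.2.5", "4.2.6-r0", "4.3.0"):
        print(v, "->", ", ".join(open_cves(v)) or "none of the listed CVEs")
```

Run it against the version string from `apk info phpmyadmin` or the upstream `README`; a release at or above the branch's fixed version returns an empty list for every advisory, and the patch links in the issue are the alternative when upgrading is not possible.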
Assignee: None
Milestone: None
Due date: None
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#3198