Resource management error in phpmyadmin (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6632 |
| CWE-ID | CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
phpmyadmin (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Resource management error
EUVDB-ID: #VU33345
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-6632
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
MitigationInstall update from vendor's website.
Vulnerable software versionsphpmyadmin (Alpine package): 4.0.4.1-r0 - 4.4.15.7-r0
CPE2.3- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.0.4.1-r0:*:*:*:*:alpine_linux:*:2.6
- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.0.4.2-r0:*:*:*:*:alpine_linux:*:2.6
- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.0.9-r0:*:*:*:*:alpine_linux:*:2.6
https://git.alpinelinux.org/aports/commit/?id=e3226bf79b872494874e7f139d2c88c069c4d60f
https://git.alpinelinux.org/aports/commit/?id=abae6704b5ad5fa0ac123378e37f2b81d2585ff0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
