OpenSUSE Linux update for phpMyAdmin



Published: 2018-12-14
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2018-19968
CVE-2018-19969
CVE-2018-19970
CWE-ID CWE-401
CWE-352
CWE-79
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Opensuse
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU16498

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19968

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to memory leak. A remote attacker with valid credentials can log in to phpMyAdmin, gain access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access to leak the contents of a local file.


Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site request forgery

EUVDB-ID: #VU16499

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19969

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.

Successful exploitation of the vulnerability may allow a remote attacker to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site scripting

EUVDB-ID: #VU16500

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19970

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###