849008 – (CVE-2012-4345, CVE-2012-4579) CVE-2012-4345 CVE-2012-4579 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4)

Bug 849008 (CVE-2012-4345, CVE-2012-4579) - CVE-2012-4345 CVE-2012-4579 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4)

Summary: CVE-2012-4345 CVE-2012-4579 phpMyAdmin: Multiple XSS in Table operations, Dat...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-4345, CVE-2012-4579
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	849010 850620 850621 850622
Blocks:
TreeView+	depends on / blocked

Reported:	2012-08-17 04:05 UTC by Kurt Seifried
Modified:	2021-02-23 14:06 UTC (History)
CC List:	3 users (show)
Fixed In Version:	phpMyAdmin-3.5.2.2-1
Clone Of:
Environment:
Last Closed:	2012-09-01 01:09:34 UTC
Embargoed:

Attachments	(Terms of Use)

Description Kurt Seifried 2012-08-17 04:05:45 UTC

phpMyAdmin reports:

Summary

Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.
Description

Using a crafted table name, it was possible to produce a XSS : 1) On the Database Structure page, creating a new table with a crafted name 2) On the Database Structure page, using the Empty and Drop links of the crafted table name 3) On the Table Operations page of a crafted table, using the 'Empty the table (TRUNCATE)' and 'Delete the table (DROP)' links 4) On the Triggers page of a database containing tables with a crafted name, when opening the 'Add Trigger' popup 5) When creating a trigger for a table with a crafted name, with an invalid definition. Having crafted data in a database table, it was possible to produce a XSS : 6) When visualizing GIS data, having a crafted label name.
Severity

We consider these vulnerabilities to be non critical.
Mitigation factor

These XSS can only be triggered when a table with a crafted name is already present, or if crafted data is already stored in a database table.
Affected Versions

Versions 3.4.x are affected, for issues #1 and #2. Versions 3.5.x are affected, for all issues.
Solution

Upgrade to phpMyAdmin 3.4.11.1 or 3.5.2.2 or newer or apply the patches listed below. 

External References:

http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php

Comment 2 Vincent Danen 2012-08-22 02:27:23 UTC

Another CVE was assigned to these:

Common Vulnerabilities and Exposures assigned an identifier CVE-2012-4579 to
the following vulnerability:

Name: CVE-2012-4579
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4579
Assigned: 20120821
Reference: http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin
3.5.x before 3.5.2.2 allow remote authenticated users to inject
arbitrary web script or HTML via a Table Operations (1) TRUNCATE or
(2) DROP link for a crafted table name, (3) the Add Trigger popup
within a Triggers page that references crafted table names, (4) an
invalid trigger-creation attempt for a crafted table name, (5) crafted
data in a table, or (6) a crafted tooltip label name during GIS data
visualization, a different issue than CVE-2012-4345.

Comment 4 Vincent Danen 2012-08-22 02:36:05 UTC

Created phpMyAdmin tracking bugs for this issue

Affects: fedora-all [bug 850620]
Affects: epel-6 [bug 850621]

Comment 5 Vincent Danen 2012-08-22 02:36:07 UTC

Created phpMyAdmin3 tracking bugs for this issue

Affects: epel-5 [bug 850622]

Note You need to log in before you can comment on or make changes to this bug.