{"id":"MGASA-2016-0291","summary":"Updated phpmyadmin packages fix security vulnerability","details":"In phpMyAdmin before 4.4.15.8, the decryption of the username/password is\nvulnerable to a padding oracle attack. The can allow an attacker who has\naccess to a user's browser cookie file to decrypt the username and\npassword. Also, the same initialization vector (IV) is used to hash the\nusername and password stored in the phpMyAdmin cookie. If a user has the\nsame password as their username, an attacker who examines the browser\ncookie can see that they are the same (CVE-2016-6606).\n\nIn phpMyAdmin before 4.4.15.8, multiple vulnerabilities have been\ndiscovered  in the following areas of phpMyAdmin: Zoom search, GIS editor,\nRelation view, several Transformations, XML export, MediaWiki export,\nDesigner, when the MySQL server is running with a specially-crafted\nlog_bin directive, Database tab, Replication feature, and Database search\n(CVE-2016-6607).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was found where a specially\ncrafted database name could be used to run arbitrary PHP commands through\nthe array export feature (CVE-2016-6609).\n\nIn phpMyAdmin before 4.4.15.8, a full path disclosure vulnerability was\ndiscovered where a user can trigger a particular error in the export\nmechanism to discover the full path of phpMyAdmin on the disk\n(CVE-2016-6610).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was reported where a\nspecially crafted database and/or table name can be used to trigger an SQL\ninjection attack through the export functionality (CVE-2016-6611).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where a user\ncan exploit the LOAD LOCAL INFILE functionality to expose files on the\nserver to the database system (CVE-2016-6612).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was found where a user can\nspecially craft a symlink on disk, to a file which phpMyAdmin is permitted\nto read but the user is not, which phpMyAdmin will then expose to the user\n(CVE-2016-6613).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was reported with the %u\nusername replacement functionality of the SaveDir and UploadDir features.\nWhen the username substitution is configured, a specially-crafted user\nname can be used to circumvent restrictions to traverse the file system\n(CVE-2016-6614).\n\nIn phpMyAdmin before 4.4.15.8, multiple XSS vulnerabilities were found in\nthe following areas: Navigation pane and database/table hiding feature,\nthe \"Tracking\" feature, and GIS visualization feature (CVE-2016-6615).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the\nfollowing features where a user can execute an SQL injection attack\nagainst the account of the control user: User group Designer\n(CVE-2016-6616).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was found in the\ntransformation feature allowing a user to trigger a denial-of-service\n(DOS) attack against the server (CVE-2016-6618).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the user\ninterface preference feature where a user can execute an SQL injection\nattack against the account of the control user (CVE-2016-6619).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was reported where some\ndata is passed to the PHP unserialize() function without verification that\nit's valid serialized data. A malicious user may be able to manipulate the\nstored data in a way to result in code being loaded and executed\n(CVE-2016-6620).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an\nunauthenticated user is able to execute a denial-of-service (DOS) attack\nby forcing persistent connections when phpMyAdmin is running with\n$cfg['AllowArbitraryServer']=true; (CVE-2016-6622).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability has been reported where a\nmalicious authorized user can cause a denial-of-service (DOS) attack on a\nserver by passing large values to a loop (CVE-2016-6623).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where, under\ncertain circumstances, it may be possible to circumvent the phpMyAdmin\nIP-based authentication rules. When phpMyAdmin is used with IPv6 in a\nproxy server environment, and the proxy server is in the allowed range but\nthe attacking computer is not allowed, this vulnerability can allow the\nattacking computer to connect despite the IP rules (CVE-2016-6624).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was reported where an\nattacker can determine whether a user is logged in to phpMyAdmin\n(CVE-2016-6625).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an\nattacker could redirect a user to a malicious web page (CVE-2016-6626).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an\nattacker can determine the phpMyAdmin host location through the file\nurl.php (CVE-2016-6627).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an\nattacker may be able to trigger a user to download a specially crafted\nmalicious SVG file (CVE-2016-6628).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was reported with the\n$cfg['ArbitraryServerRegexp'] configuration directive. An attacker could\nreuse certain cookie values in a way of bypassing the servers defined by\nArbitraryServerRegexp (CVE-2016-6629).\n\nIn phpMyAdmin before 4.4.15.8, an authenticated user can trigger a\ndenial-of-service (DOS) attack by entering a very long password at the\nchange password dialog (CVE-2016-6630).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where a user\ncan execute a remote code execution attack against a server when\nphpMyAdmin is being run as a CGI application. Under certain server\nconfigurations, a user can pass a query string which is executed as a\ncommand-line argument by the file generator_plugin.sh (CVE-2016-6631).\n\nIn phpMyAdmin before 4.4.15.8, a flaw was discovered where, under certain\nconditions, phpMyAdmin may not delete temporary files during the import\nof ESRI files (CVE-2016-6632).\n\nIn phpMyAdmin before 4.4.15.8, a vulnerability was discovered where\nphpMyAdmin can be used to trigger a remote code execution attack against\ncertain PHP installations (CVE-2016-6633).\n","modified":"2026-01-30T09:49:38.638303Z","published":"2016-08-31T15:32:33Z","related":["CVE-2016-6606","CVE-2016-6607","CVE-2016-6609","CVE-2016-6610","CVE-2016-6611","CVE-2016-6612","CVE-2016-6613","CVE-2016-6614","CVE-2016-6615","CVE-2016-6616","CVE-2016-6618","CVE-2016-6619","CVE-2016-6620","CVE-2016-6622","CVE-2016-6623","CVE-2016-6624","CVE-2016-6625","CVE-2016-6626","CVE-2016-6627","CVE-2016-6628","CVE-2016-6629","CVE-2016-6630","CVE-2016-6631","CVE-2016-6632","CVE-2016-6633"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0291.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19204"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-29/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-30/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-32/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-33/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-34/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-35/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-36/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-37/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-38/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-39/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-41/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-42/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-43/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-45/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-46/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-47/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-48/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-49/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-50/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-51/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-52/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-53/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-54/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-55/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2016-56/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/files/4.4.15.6/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/news/2016/8/16/phpmyadmin-401017-44158-and-464-are-released/"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.15.8-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0291.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}