Debian Security Advisory

DLA-1311-1 adminer -- LTS security update

Date Reported:
22 Mar 2018
Affected Packages:
adminer
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2018-7667.
More information:

It was discovered that there was a server-side request forgery (SSRF) vulnerability in adminer, a web-based database administration tool.

Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports, which could bypass external firewalls to identify internal hosts or perform port scanning of other servers.

For Debian 7 Wheezy, this issue has been fixed in adminer version 3.3.3-1+deb7u1.

We recommend that you upgrade your adminer packages.
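To check which Debian 7 hosts still carry a version older than the fix, the following added example (not part of the advisory) compares installed versions against 3.3.3-1+deb7u1 using Debian's version ordering, the same ordering `dpkg --compare-versions` applies. The host names and the inventory are constructed, and the inventory is assumed to contain only Wheezy hosts.

```python
import re
from itertools import zip_longest

# Fixed version for Debian 7 Wheezy, taken from the advisory text.
FIXED = "3.3.3-1+deb7u1"

def _order(c):
    # Debian ordering: '~' sorts before everything, letters before other symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, as Debian policy specifies.
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a),
                       re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in runs:
        ka, kb = [_order(c) for c in sa], [_order(c) for c in sb]
        for x, y in zip_longest(ka, kb, fillvalue=0):  # end of run sorts as 0
            if x != y:
                return -1 if x < y else 1
        x, y = int(na or 0), int(nb or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _parse(v):
    # [epoch:]upstream[-revision]; a missing revision compares equal to "0".
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(installed):
    return deb_cmp(installed, FIXED) < 0

def audit(inventory):
    return sorted(h for h, v in inventory.items() if needs_upgrade(v))

# Constructed inventory: host names and installed versions are made up.
INVENTORY = {"db-admin-01": "3.3.3-1", "db-admin-02": "3.3.3-1+deb7u1",
             "db-admin-03": "3.3.3-1+deb7u1~test1", "db-admin-04": "3.3.3-1+deb7u2"}

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: adminer {INVENTORY[host]} is older than {FIXED}")
```

A plain string comparison would misjudge the `~test1` build, which Debian orders before the fixed version.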