ClickCease Critical ADOdb Vulnerabilities Fixed in Ubuntu

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Critical ADOdb Vulnerabilities Fixed in Ubuntu

by Rohan Timalsina

June 26, 2024 - TuxCare expert team

Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses.

The Ubuntu security team has released updates to address them in various versions of Ubuntu, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM. Users and organizations are strongly encouraged to apply updates promptly to mitigate potential risks.

 

Understanding ADOdb and Its Vulnerabilities

 

ADOdb is widely used in PHP applications to provide a unified interface for database access. However, like any software, it is not immune to security flaws. Several critical vulnerabilities have been identified and patched, highlighting the importance of keeping your ADOdb library up to date.

Here are the vulnerabilities that have been fixed:

 

CVE-2016-7405 (CVSS v3 Severity Score: 9.8 Critical)

It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. This flaw could allow a remote attacker to execute SQL injection attacks, potentially compromising the database. This vulnerability only affected Ubuntu 16.04.

 

CVE-2016-4855 (CVSS v3 Severity Score: 6.1 Medium)

Another vulnerability was found in how ADOdb handled GET parameters in the test.php file. A remote attacker could exploit this vulnerability to perform XSS attacks, which could lead to unauthorized actions being performed on behalf of the user. This issue also only affected Ubuntu 16.04.

 

CVE-2021-3850 (CVSS v3 Severity Score: 9.1 Critical)

Emmet Leahy discovered a vulnerability where ADOdb incorrectly handled string quotes in PostgreSQL connections. This flaw could allow a remote attacker to bypass authentication, gaining unauthorized access to the database.

 

How to Stay Secure

 

To protect your systems from these vulnerabilities, it is essential to update the ADOdb package to the latest version available in your Ubuntu system repository. By keeping your ADOdb library up to date, you can protect your applications from these critical vulnerabilities and ensure the security of your database interactions.

Ubuntu 16.04 and Ubuntu 18.04 already reached their end of life, so they no longer receive any security fixes. However, Canonical provides security updates for them in Expanded Security Maintenance (ESM) via Ubuntu Pro.

Looking for a cost-effective alternative to Ubuntu Pro for extended security? Consider TuxCare’s Extended Lifecycle Support. TuxCare offers critical security patches for up to five additional years after the End-of-Life (EOL) date, ensuring your Ubuntu system stays secure while you plan a safe migration at your own pace.

Furthermore, TuxCare’s Extended Lifecycle Support for PHP gives you extended security updates for outdated PHP versions. This allows you to run your PHP applications running older versions of PHP securely for years without needing massive code rewriting.

 

Source: USN-6825-1

Summary
Critical ADOdb Vulnerabilities Fixed in Ubuntu
Article Name
Critical ADOdb Vulnerabilities Fixed in Ubuntu
Description
Learn about the vulnerabilities in the ADOdb PHP library and how to protect your applications from SQL injection and XSS attacks.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Become a TuxCare Guest Writer

Mail

Help Us Understand
the Linux Landscape!

Complete our survey on the state of Open Source and you could win one of several prizes, with the top prize valued at $500!

Your expertise is needed to shape the future of Enterprise Linux!