Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 114662 - dev-db/phpmyadmin Multiple vulnerabilities? (CVE-2005-3665)
Summary: dev-db/phpmyadmin Multiple vulnerabilities? (CVE-2005-3665)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B1? [glsa] jaervosz
Keywords:
: 114728 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-12-06 15:06 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-12-11 13:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-06 15:06:11 UTC 
It was possible to conduct an XSS attack via the HTTP_HOST variable; also, 
some scripts in the libraries directory that handle header generation were 
vulnerable to XSS.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-06 15:07:48 UTC 
web-apps please bump.
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2005-12-06 16:54:03 UTC 
2.7.0 is already in the tree
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-06 22:36:15 UTC 
Thx Renat. 
 
Arches please test and mark stable.
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2005-12-07 00:32:39 UTC 
stable on x86
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-07 01:50:09 UTC 
Stable on ppc and hppa.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:40:36 UTC 
http://www.hardened-php.net/advisory_252005.110.html 
 
They also list local and remote file inclusion
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:40:57 UTC 
*** Bug 114728 has been marked as a duplicate of this bug. ***
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:54:27 UTC 
2.7.0-pl1 is released with another security fix. 
 
web-apps please bump.
Comment 9 Renat Lumpau (RETIRED) gentoo-dev 2005-12-07 06:30:26 UTC 
In CVS.
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-07 07:15:10 UTC 
arches, your good old friend phpmyadmin again - pls test and mark stable, thx a lot
Comment 11 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-12-07 11:32:17 UTC 
Stable on amd64.
Comment 12 Mark Loeser (RETIRED) gentoo-dev 2005-12-07 21:24:54 UTC 
stable on x86
Comment 13 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-09 11:31:30 UTC 
Stable on ppc and hppa.
Comment 14 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2005-12-09 12:50:56 UTC 
Stable on alpha. 

gustavoz (or sparc family) your turn ;)
Comment 15 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-09 14:45:21 UTC 
sparc stable.
Comment 16 Thierry Carrez (RETIRED) gentoo-dev 2005-12-11 09:53:10 UTC 
Ready for GLSA
Comment 17 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-11 13:52:04 UTC 
GLSA 200512-03