Bug 114662 - dev-db/phpmyadmin Multiple vulnerabilities? (CVE-2005-3665)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B1? [glsa] jaervosz
Duplicates: 114728
Reported: 2005-12-06 15:06 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-12-11 13:52 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-06 15:06:11 UTC
It was possible to conduct an XSS attack via the HTTP_HOST variable; also, 
some scripts in the libraries directory that handle header generation were 
vulnerable to XSS.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-06 15:07:48 UTC
web-apps please bump. 
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2005-12-06 16:54:03 UTC
2.7.0 is already in the tree
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-06 22:36:15 UTC
Thx Renat. 
 
Arches please test and mark stable. 
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2005-12-07 00:32:39 UTC
stable on x86
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-07 01:50:09 UTC
Stable on ppc and hppa.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:40:36 UTC
http://www.hardened-php.net/advisory_252005.110.html 
 
They also list local and remote file inclusion 
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:40:57 UTC
*** Bug 114728 has been marked as a duplicate of this bug. ***
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:54:27 UTC
2.7.0-pl1 is released with another security fix. 
 
web-apps please bump. 
Comment 9 Renat Lumpau (RETIRED) gentoo-dev 2005-12-07 06:30:26 UTC
In CVS.
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-07 07:15:10 UTC
arches, your good old friend phpmyadmin again - pls test and mark stable, thx a lot
Comment 11 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-12-07 11:32:17 UTC
Stable on amd64. 
Comment 12 Mark Loeser (RETIRED) gentoo-dev 2005-12-07 21:24:54 UTC
stable on x86
Comment 13 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-09 11:31:30 UTC
Stable on ppc and hppa.
Comment 14 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2005-12-09 12:50:56 UTC
Stable on alpha. 

gustavoz (or sparc family) your turn ;) 
Comment 15 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-09 14:45:21 UTC
sparc stable.
Comment 16 Thierry Carrez (RETIRED) gentoo-dev 2005-12-11 09:53:10 UTC
Ready for GLSA
Comment 17 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-11 13:52:04 UTC
GLSA 200512-03