Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 219005 (CVE-2008-1924) - dev-db/phpmyadmin <2.11.5.2 CREATE table file disclosure (CVE-2008-1924)
Summary: dev-db/phpmyadmin <2.11.5.2 CREATE table file disclosure (CVE-2008-1924)
Status: RESOLVED FIXED
Alias: CVE-2008-1924
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-04-23 10:30 UTC by Hanno Böck
Modified: 2008-05-05 21:41 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-04-23 10:30:15 UTC
No cve yet, see here:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-04-23 22:28:10 UTC
CVE-2008-1924:
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared
hosts, allows attackers with CREATE table permissions to read arbitrary files
via a crafted HTTP POST request, related to use of an undefined UploadDir
variable.
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-04-25 12:06:00 UTC
in cvs
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-25 20:58:58 UTC
Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.5.2
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"
Comment 4 Markus Meier gentoo-dev 2008-04-26 11:54:21 UTC
amd64/x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2008-04-26 15:18:39 UTC
Stable for HPPA.
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2008-04-27 08:31:56 UTC
ppc64 stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2008-04-27 18:35:28 UTC
alpha/sparc stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-28 17:02:53 UTC
ppc stable
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-04-29 06:29:21 UTC
Fixed in release snapshot.
Comment 10 Tobias Heinlein (RETIRED) gentoo-dev 2008-04-29 12:56:51 UTC
Ready for vote. I vote YES.
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-29 13:00:37 UTC
agreed, filed request
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-05 21:41:38 UTC
GLSA 200805-02