98328 2005-07-08 02:55 0000 dev-db/phppgadmin: Input Validation Hole in 'formLanguage' (CAN-2005-2256) 2005-07-26 12:38:17 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://securitytracker.com/alerts/2005/Jul/1014414.html C3 [noglsa] jaervosz P2 minor --- 1 vorlon@gentoo.org security@gentoo.org pgsql-bugs@gentoo.org web-apps@gentoo.org vorlon@gentoo.org 2005-07-08 02:55:02 0000 phpPgAdmin Input Validation Hole in 'formLanguage' Discloses Files to Remote Users SecurityTracker Alert ID: 1014414 SecurityTracker URL: http://securitytracker.com/id?1014414 CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site) Date: Jul 7 2005 Impact: Disclosure of system information, Disclosure of user information Exploit Included: Yes Version(s): 3.5.3 and prior versions Description: A vulnerability was reported in phpPgAdmin. A remote user can view files on the target system. The script does not properly validate user-supplied input in the 'formLanguage' parameter. A remote user can supply a specially crafted parameter value containing encoded directory traversal characters to view files on the target system. A demonstration exploit URL is provided: formUsername=username&formPassword=password&formServer=0 &formLanguage=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/pa sswd%00&submitLogin=Login SecurityFocus reported this vulnerability. No credit was provided. Impact: A remote user can view files on the target system with the privileges of the target web service. Solution: No solution was available at the time of this entry. Vendor URL: phppgadmin.sourceforge.net/ (Links to External Site) Cause: Input validation error _______ postgresql/web-apps pls validate/advise vorlon@gentoo.org 2005-07-08 02:56:05 0000 oops... stupid me... reassigning ;-) koon@gentoo.org 2005-07-18 05:11:36 0000 Version 3.5.4 ------------- Bugs * Fix security hole in include() of language file: http://secunia.com/advisories/15941/ Check now requires that the language filename be in the list of known allowed filenames. * Fix that functions returning cstring were not being listed * Make parsing of PostgreSQL 1-dimensional arrays correct. Makes named function parameter use more reliable. * Fix downloading of the results of multiline queries. Postgres / web-apps peeps : anyone interested in herding that package and bump to the secure version ? We'll probably remove it from portage if noone takes it. koon@gentoo.org 2005-07-18 07:36:30 0000 -------------------------------------------------------------------------- Debian Security Advisory DSA 759-1 security@debian.org http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -------------------------------------------------------------------------- Package : phppgadmin Vulnerability : missing input sanitising Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-2256 BugTraq ID : 14142 A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that "magic_quotes_gpc" is disabled. rl03@gentoo.org 2005-07-18 07:49:06 0000 mholzer already bumped it to 3.5.4 on 15-Jul-2005 koon@gentoo.org 2005-07-18 07:53:33 0000 Oops. In fact it was already inportage. Arches, please test and mark stable : Target KEYWORDS="x86 ppc sparc hppa amd64" gustavoz@gentoo.org 2005-07-18 08:47:30 0000 sparc stable. dertobi123@gentoo.org 2005-07-19 04:38:34 0000 ppc stable killerfox@gentoo.org 2005-07-19 11:26:41 0000 Stable on hppa rl03@gentoo.org 2005-07-20 05:15:04 0000 x86 stable kugelfang@gentoo.org 2005-07-20 15:21:33 0000 Sorry for the delay, stable on amd64. dercorny@gentoo.org 2005-07-20 15:23:39 0000 Ready for GLSA vote. I've no opinion yet. jaervosz@gentoo.org 2005-07-20 22:15:52 0000 AFAIR magic_quotes_gpc is enabled by default -> downgrading severity. I tend to vote NO. dercorny@gentoo.org 2005-07-23 05:05:44 0000 1/2 No. koon@gentoo.org 2005-07-26 12:38:17 0000 1/2 not too... closing.