Bug#: 250752
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Bruno Buss <bruno.buss@gmail.com>
Description:   Opened: 2008-12-12 19:43 0000
A logged-in user can be subject to SQL injection through cross-site request
forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be
made through the table parameter.

Also from Secunia:
http://secunia.com/Advisories/33076/

------- Comment #1 From Tobias Heinlein 2008-12-12 21:13:01 0000 -------
Thanks for the report.

Web-apps, please bump.

------- Comment #2 From Steven Susbauer 2008-12-17 15:20:36 0000 -------
*** Bug 251281 has been marked as a duplicate of this bug. ***

------- Comment #3 From Steven Susbauer 2008-12-17 15:23:11 0000 -------
This is now assigned CVE-2008-5621 and CVE-2008-5622, if someone would like to
update the description and alias. Also, CVE-2008-5621 says it is possible to
execute arbitrary code; it may be grounds for changing the severity.


CVE-2008-5621: Cross-site request forgery (CSRF) vulnerability in phpMyAdmin
2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to
perform unauthorized actions as the administrator via a link or IMG tag to
tbl_structure.php with a modified table parameter. NOTE: this can be leveraged
to conduct SQL injection attacks and execute arbitrary code.

CVE-2008-5622: Multiple cross-site request forgery (CSRF) vulnerabilities in
phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allow remote attackers
to conduct SQL injection attacks via unknown vectors related to the table
parameter, a different vector than CVE-2008-5621.

------- Comment #4 From Robert Buchholz 2008-12-17 16:11:58 0000 -------
CVE-2008-5621 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5621):
  Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x
  before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to
  perform unauthorized actions as the administrator via a link or IMG
  tag to tbl_structure.php with a modified table parameter.  NOTE: this
  can be leveraged to conduct SQL injection attacks and execute
  arbitrary code.

CVE-2008-5622 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5622):
  Multiple cross-site request forgery (CSRF) vulnerabilities in
  phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allow remote
  attackers to conduct SQL injection attacks via unknown vectors
  related to the table parameter, a different vector than CVE-2008-5621.
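
The description and the CVE text above both come down to the same two gaps: a request that needs nothing a third-party page cannot forge, and a table name spliced into SQL as an identifier. The PHP below is an added illustration written for this page, not phpMyAdmin's code, showing the weak handler beside a hardened one; the `$pdo` connection, the PHP session and all function names are assumptions.

```php
<?php
// Added illustration, not phpMyAdmin code. Assumes a PDO connection $pdo
// and an active PHP session; function names are hypothetical.

// WEAK: any GET request is honoured and the table name is interpolated
// straight into SQL. A forged link or IMG request issued by the browser
// of a logged-in administrator reaches this code with a crafted "table".
function show_structure_weak(PDO $pdo, array $get)
{
    $table = $get['table'];
    return $pdo->query("SHOW COLUMNS FROM `$table`");
}

// HARDENED, part 1: a per-session anti-CSRF token. Another origin cannot
// read it, so a forged request cannot supply it. Compare with hash_equals
// to avoid a timing side channel.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function require_csrf_token(array $request): void
{
    $sent = $request['token'] ?? '';
    if (!hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Missing or invalid request token');
    }
}

// HARDENED, part 2: a table name is an identifier, which a prepared
// statement placeholder cannot bind. Restrict it to a safe subset of
// what MySQL allows, then backtick-quote it.
function quote_identifier(string $name): string
{
    if (!preg_match('/^[A-Za-z0-9_]{1,64}$/', $name)) {
        throw new InvalidArgumentException('Invalid table name');
    }
    return '`' . $name . '`';
}

function show_structure_hardened(PDO $pdo, array $request)
{
    require_csrf_token($request);           // rejects forged requests
    $table = quote_identifier($request['table'] ?? '');
    return $pdo->query("SHOW COLUMNS FROM $table");
}
```

The token must be emitted into every form or link the application itself generates and checked on every request that acts on or reveals data, not only on the scripts named in the advisory.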

------- Comment #5 From Gunnar Wrobel 2008-12-28 20:52:07 0000 -------
dev-db/phpmyadmin-{2.11.9.4,3.1.1} are in the tree.

Targets for 2.11.9.4:

  alpha amd64 hppa ppc ppc64 sparc x86

------- Comment #6 From Tobias Scherbaum 2008-12-29 18:23:50 0000 -------
ppc stable

------- Comment #7 From Brent Baude 2008-12-30 15:03:46 0000 -------
ppc64 done

------- Comment #8 From Friedrich Oslage 2008-12-30 20:26:29 0000 -------
sparc stable

------- Comment #9 From Tobias Heinlein 2009-01-02 00:44:07 0000 -------
amd64 stable

------- Comment #10 From Tobias Heinlein 2009-01-02 10:54:39 0000 -------
Removing amd64 and adding alpha back to CC. Thanks hparker.

------- Comment #11 From Jeroen Roovers 2009-01-02 18:38:08 0000 -------
(In reply to comment #5)
> dev-db/phpmyadmin-{2.11.9.4,3.1.1} are in the tree.
> 
> Targets for 2.11.9.4:
> 
>   alpha amd64 hppa ppc ppc64 sparc x86

Please describe stabilisation targets as category/package-version-revision
atoms - combining all the pieces is messy and error prone.

Stable for HPPA:
 =dev-db/phpmyadmin-2.11.9.4

------- Comment #12 From Markus Meier 2009-01-03 20:58:45 0000 -------
x86 stable

------- Comment #13 From Raúl Porcel 2009-01-05 17:30:42 0000 -------
alpha stable

------- Comment #14 From Tobias Heinlein 2009-01-05 18:43:04 0000 -------
GLSA request already in due to bug 237781 and some others.

------- Comment #15 From Pierre-Yves Rofes 2009-03-18 22:32:20 0000 -------
GLSA 200903-32
