Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 263711
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Alex Legler <a3li@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
phpmyadmin-2.11.9.5.ebuild Updated phpmyadmin-2.11.9.5 ebuild text/plain Chris Frage 2009-03-27 20:00 0000 1.60 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 263711 depends on: Show dependency tree
Bug 263711 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2009-03-25 10:23 0000 
PMASA-2009-1 (version 3 only)
HTTP Response Splitting and file inclusion vulnerability

Description:
The BLOB streaming feature allowed attacker to include arbitrary files and
inject HTTP headers using crafted URL parameters. 

PMASA-2009-2 (version 2 and 3)
Cross-site scripting on export page using cookies

Description:
Export page uses cookies to remember user settings of file name template. These
cookies could be used for cross-site scripting because they were not sanitized
sufficiently.

PMASA-2009-3 (version 2 and 3)
Insufficient output sanitizing when generating configuration file

Description:
Setup script used to generate configuration can be fooled using a crafted POST
request to include arbitrary PHP code in generated configuration file.

------- Comment #1 From Alex Legler 2009-03-26 17:47:53 0000 ------- 
CVE-2009-1148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1148):
  Directory traversal vulnerability in bs_disp_as_mime_type.php in the
  BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote
  attackers to read arbitrary files via directory traversal sequences
  in the file_path parameter ($filename variable).

CVE-2009-1149 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1149):
  CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB
  streaming feature in phpMyAdmin before 3.1.3.1 allows remote
  attackers to inject arbitrary HTTP headers and conduct HTTP response
  splitting attacks via the (1) c_type and possibly (2) file_type
  parameters.

CVE-2009-1150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1150):
  Multiple cross-site scripting (XSS) vulnerabilities in the export
  page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5
  and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web
  script or HTML via the pma_db_filename_template cookie.

CVE-2009-1151 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1151):
  Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x
  before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to
  inject arbitrary PHP code into a configuration file via the save
  action.

------- Comment #2 From Chris Frage 2009-03-27 20:00:56 0000 ------- 
Created an attachment (id=186477) [details]
Updated phpmyadmin-2.11.9.5 ebuild

------- Comment #3 From Tobias Heinlein 2009-03-31 13:09:57 0000 ------- 
(In reply to comment #2)
> Created an attachment (id=186477) [edit] [details]
> Updated phpmyadmin-2.11.9.5 ebuild
> 

We much appreciate your effort, but attaching an ebuild when there's no real
change since the last version in the tree is confusing. Please just state
"Bumping the old ebuild works" or attach a unified diff of the necessary
changes.

web-apps, please bump.

------- Comment #4 From Alex Legler 2009-06-19 14:40:36 0000 ------- 
Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.9.5
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"


+*phpmyadmin-3.2.0 (19 Jun 2009)
+*phpmyadmin-2.11.9.5 (19 Jun 2009)
+
+  19 Jun 2009; Alex Legler <a3li@gentoo.org> +phpmyadmin-2.11.9.5.ebuild,
+  -phpmyadmin-3.1.2.ebuild, +phpmyadmin-3.2.0.ebuild:
+  Non-maintainer commit: Version bump, security bugs 263711 and 266438, bump
+  request 270877.
+

------- Comment #5 From Jeroen Roovers 2009-06-19 23:18:10 0000 ------- 
Stable for HPPA.

------- Comment #6 From Alex Legler 2009-06-20 13:43:55 0000 ------- 
Fixing the rating. Arches, your karma will increase a lot if you stable this
quickly. ;)

------- Comment #7 From Tobias Heinlein 2009-06-20 14:15:07 0000 ------- 
am64 stable.

------- Comment #8 From Brent Baude 2009-06-21 14:01:44 0000 ------- 
ppc64 done

------- Comment #9 From Brent Baude 2009-06-21 14:09:52 0000 ------- 
ppc done

------- Comment #10 From Christian Faulhammer 2009-06-25 14:12:03 0000 ------- 
x86 stable, closing

------- Comment #11 From Alex Legler 2009-06-25 14:44:33 0000 ------- 
GLSA time first.

------- Comment #12 From Tobias Klausmann 2009-06-26 19:34:30 0000 ------- 
Stable on alpha.

------- Comment #13 From Alex Legler 2009-06-29 22:40:05 0000 ------- 
GLSA 200906-03

------- Comment #14 From Robert Buchholz 2009-07-02 14:45:07 0000 ------- 
This bug has not finished [stable] stage when it entered [glsa]. sparc is
missing.

sparc, please stable =dev-db/phpmyadmin-2.11.9.5

------- Comment #15 From Raúl Porcel 2009-07-06 17:54:50 0000 ------- 
sparc stable
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug