
Bug 110146

Summary: dev-db/phpmyadmin <= 2.6.4-pl2 Local File Inclusion Vulnerability
Product: Gentoo Security
Reporter: Vic Fryzel (shellsage) (RETIRED) <shellsage>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: sgtphou, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.hardened-php.net/advisory_162005.73.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Vic Fryzel (shellsage) (RETIRED) gentoo-dev 2005-10-22 07:45:14 UTC
A design flaw within phpMyAdmin allows inclusion of arbitrary files, which
usually leads to remote code execution.

Reproducible: Always
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-10-22 07:56:11 UTC
web-apps, please bump to 2.6.4_pl3
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2005-10-23 09:32:59 UTC
Bumped
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-10-23 11:50:53 UTC
Archs please test and mark stable 2.6.4_p3
Target KEYWORDS="alpha amd64 hppa ~mips ppc sparc x86"
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2005-10-23 13:45:10 UTC
x86 done
Comment 5 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-10-23 15:25:22 UTC
Stable on amd64. 
Comment 6 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2005-10-24 02:19:44 UTC
Stable on alpha ( 2.6.4_p3 ).
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2005-10-24 07:55:21 UTC
stable on sparc.
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-10-24 12:53:10 UTC
Stable on ppc and hppa
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-10-24 14:07:23 UTC
Ready for GLSA
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-10-25 01:01:55 UTC
Local file inclusion only.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-10-25 05:06:08 UTC
GLSA 200510-21