Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 215502 (CVE-2008-1567)

Summary: dev-db/phpmyadmin < Local session data disclosure (CVE-2008-1567)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: mysql-bugs, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2008-03-30 23:22:12 UTC
Advisory from phpmyadmin:

Credentials disclosure on shared hosts via session data

We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host. fixes this, please bump.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-04-01 13:10:00 UTC
*** Bug 215692 has been marked as a duplicate of this bug. ***
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-04-03 09:00:08 UTC in portage
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-03 09:57:17 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-04-03 19:22:59 UTC
ppc64 stable
Comment 5 Markus Meier gentoo-dev 2008-04-03 19:52:42 UTC
amd64/x86 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2008-04-06 14:43:49 UTC
Stable for HPPA.
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-06 20:22:30 UTC
ppc stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-04-07 20:20:41 UTC
alpha/sparc stable
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-04-08 05:37:16 UTC
Fixed in release snapshot.