Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 219005 (CVE-2008-1924)

Summary: dev-db/phpmyadmin <2.11.5.2 CREATE table file disclosure (CVE-2008-1924)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: svrmarty, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2008-04-23 10:30:15 UTC
No cve yet, see here:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-04-23 22:28:10 UTC
CVE-2008-1924:
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared
hosts, allows attackers with CREATE table permissions to read arbitrary files
via a crafted HTTP POST request, related to use of an undefined UploadDir
variable.
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-04-25 12:06:00 UTC
in cvs
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-25 20:58:58 UTC
Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.5.2
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"
Comment 4 Markus Meier gentoo-dev 2008-04-26 11:54:21 UTC
amd64/x86 stable
Comment 5 Jeroen Roovers gentoo-dev 2008-04-26 15:18:39 UTC
Stable for HPPA.
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2008-04-27 08:31:56 UTC
ppc64 stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2008-04-27 18:35:28 UTC
alpha/sparc stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-28 17:02:53 UTC
ppc stable
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-04-29 06:29:21 UTC
Fixed in release snapshot.
Comment 10 Tobias Heinlein (RETIRED) gentoo-dev 2008-04-29 12:56:51 UTC
Ready for vote. I vote YES.
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-29 13:00:37 UTC
agreed, filed request
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-05 21:41:38 UTC
GLSA 200805-02