
Bug 302745

Summary: <dev-db/phpmyadmin-3.3.5.1: Multiple vulnerabilities (CVE-2008-{7251,7252},CVE-2010-3055)
Product: Gentoo Security Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 335490    
Bug Blocks:    

Description Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 12:51:56 UTC
CVE-2008-7251 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7251):
  libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates
  a temporary directory with 0777 permissions, which has unknown impact
  and attack vectors.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 12:52:37 UTC
web-apps, please bump.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 12:54:05 UTC
CVE-2008-7252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7252):
  libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses
  predictable filenames for temporary files, which has unknown impact
  and attack vectors.
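
Added example, not part of the bug report and not phpMyAdmin's code: the two temporary-file weaknesses named in CVE-2008-7251 (0777 temporary directory) and CVE-2008-7252 (predictable file names), shown beside a hardened pattern with an owner-only directory, random names and exclusive creation. The function names and the `pma_` prefix are hypothetical, and PHP 7.1 or later on a POSIX system is assumed.

```php
<?php
// Added illustration; function names and the "pma_" prefix are hypothetical.

/** Create a directory only the current user can enter, under an unguessable name. */
function make_private_tmpdir(string $base): string
{
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $dir = rtrim($base, '/') . '/pma_' . bin2hex(random_bytes(16));
        // mkdir() fails if the path already exists, so a directory or symlink
        // planted in advance by another local user is never adopted.
        if (@mkdir($dir, 0700)) {
            chmod($dir, 0700); // exact mode regardless of the process umask
            return $dir;
        }
    }
    throw new RuntimeException("could not create private directory under $base");
}

/** Create a new file in $dir; fopen mode 'x' refuses to open an existing path. */
function make_private_tmpfile(string $dir): array
{
    $old = umask(0077); // the file is created 0600, never briefly wider
    try {
        $path = $dir . '/' . bin2hex(random_bytes(16)) . '.tmp';
        $fh = @fopen($path, 'x+b');
    } finally {
        umask($old);
    }
    if ($fh === false) {
        throw new RuntimeException("could not create $path");
    }
    return [$path, $fh];
}

/** Audit helper: true if group or others have any access to the directory. */
function tmpdir_is_exposed(string $dir): bool
{
    clearstatcache(true, $dir);
    return (fileperms($dir) & 0077) !== 0;
}

// Demo on constructed paths: the weak pattern next to the hardened one.
$weak = sys_get_temp_dir() . '/pma_demo_' . getmypid(); // predictable name
mkdir($weak); chmod($weak, 0777);                       // world-writable
$safe = make_private_tmpdir(sys_get_temp_dir());
[$path, $fh] = make_private_tmpfile($safe);
var_dump(tmpdir_is_exposed($weak), tmpdir_is_exposed($safe));
fclose($fh); unlink($path); rmdir($safe); rmdir($weak);
```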

Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-20 17:03:07 UTC
PMASA-2010-4 (http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php)
Date: 2010-08-20
Insufficient output sanitizing when generating configuration file.

The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code.

We consider this vulnerability to be critical.

Affected Versions
For 2.11.x: versions before 2.11.10.1. 
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-21 00:19:03 UTC
Arches, please test and mark stable:
=dev-db/phpmyadmin-3.3.5.1
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-21 16:12:47 UTC
Stable for HPPA.
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-08-21 16:40:47 UTC
amd64 done
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-08-21 18:09:04 UTC
x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2010-08-27 16:56:32 UTC
alpha/sparc stable
Comment 9 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-01 09:28:35 UTC
ppc, ppc64: This bug is superseded by bug 335490. Please continue stabilizing version 3.3.6 there.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 22:30:37 UTC
CVE-2010-3055 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3055):
  The configuration setup script (aka scripts/setup.php) in phpMyAdmin
  2.11.x before 2.11.10.1 does not properly restrict key names in its
  output file, which allows remote attackers to execute arbitrary PHP
  code via a crafted POST request.

Comment 11 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-10-22 17:30:08 UTC
Affected ebuilds were removed from the tree.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-01-04 23:41:42 UTC
This issue was resolved and addressed in
 GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml
by GLSA coordinator Tim Sammut (underling).