Summary: | <dev-db/phpmyadmin-4.0.5: new set of XSS (CVE-2013-{3238,3239}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | ChaosEngine <andrzej.pauli> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | a3li, andrzej.pauli, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.1/phpMyAdmin-3.5.8.1-notes.html/view | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 479870 | ||
Bug Blocks: |
Description
ChaosEngine
2013-04-24 15:47:29 UTC
Commits for the branch: https://github.com/phpmyadmin/phpmyadmin/commits/RELEASE_3_5_8_1 CVE-2013-3239 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3239): phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. CVE-2013-3238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3238): phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. Bug 468516 is not a blocker: this can be fixed with 3.5.8.1. GLSA vote: yes GLSA with 479870, 478696, 465420 This issue was resolved and addressed in GLSA 201311-02 at http://security.gentoo.org/glsa/glsa-201311-02.xml by GLSA coordinator Sergey Popov (pinkbyte). |