Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 85556

Summary: dev-db/phpmyadmin"_": Wildcard Permissions Security Bypass
Product: Gentoo Security Reporter: Luke Macken (RETIRED) <lewk>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://secunia.com/advisories/14599/
Whiteboard:
Package list:
Runtime testing required: ---

Description Luke Macken (RETIRED) gentoo-dev 2005-03-16 12:51:29 UTC 
DESCRIPTION:
A vulnerability has been reported in phpMyAdmin, which can be
exploited by malicious users to bypass certain security
restrictions.

The vulnerability is caused due to an input validation error in the
handling of "_" characters in the privileges management module where
users in certain situations can be assigned wildcard permissions.
This can be exploited to bypass certain security restrictions.

SOLUTION:
Update to version 2.6.1-pl3.
http://sourceforge.net/project/showfiles.php?group_id=23067
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-03-16 12:53:15 UTC 
Fixed in phpmyadmin-2.6.1_p2-r1 - see Bug 83792 ;-)
Comment 2 Luke Macken (RETIRED) gentoo-dev 2005-03-16 12:53:56 UTC 
*** This bug has been marked as a duplicate of 83792 ***

*** This bug has been marked as a duplicate of 83792 ***