Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 110146 - dev-db/phpmyadmin <= 2.6.4-pl2 Local File Inclusion Vulnerability
Summary: dev-db/phpmyadmin <= 2.6.4-pl2 Local File Inclusion Vulnerability
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2005-10-22 07:45 UTC by Vic Fryzel (shellsage) (RETIRED)
Modified: 2005-10-25 05:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Vic Fryzel (shellsage) (RETIRED) gentoo-dev 2005-10-22 07:45:14 UTC
A design flaw within phpMyAdmin allows inclusion of arbitrary files, which
usually leads to remote code execution

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-10-22 07:56:11 UTC
web-apps, please bump to 2.6.4_pl3
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2005-10-23 09:32:59 UTC
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-10-23 11:50:53 UTC
Archs please test and mark stable 2.6.4_p3
Target KEYWORDS="alpha amd64 hppa ~mips ppc sparc x86"
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2005-10-23 13:45:10 UTC
x86 done
Comment 5 Marcus D. Hanwell (RETIRED) gentoo-dev 2005-10-23 15:25:22 UTC
Stable on amd64. 
Comment 6 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2005-10-24 02:19:44 UTC
Stable on alpha ( 2.6.4_p3 ).
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2005-10-24 07:55:21 UTC
stable on sparc.
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-10-24 12:53:10 UTC
Stable on ppc and hppa
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-10-24 14:07:23 UTC
Ready for GLSA
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-10-25 01:01:55 UTC
Local file inclusion only.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-10-25 05:06:08 UTC
GLSA 200510-21