215502 – (CVE-2008-1567) dev-db/phpmyadmin <2.11.5.1 Local session data disclosure (CVE-2008-1567)

Bug 215502 (CVE-2008-1567) - dev-db/phpmyadmin <2.11.5.1 Local session data disclosure (CVE-2008-1567)

Summary: dev-db/phpmyadmin <2.11.5.1 Local session data disclosure (CVE-2008-1567)

Status:	RESOLVED FIXED

Alias:	CVE-2008-1567

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://www.phpmyadmin.net/home_page/s...
Whiteboard:	B3 [noglsa]
Keywords:

Duplicates (1):	215692 (view as bug list)
Depends on:
Blocks:

Reported:	2008-03-30 23:22 UTC by Hanno Böck
Modified:	2009-04-23 17:08 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2008-03-30 23:22:12 UTC

Advisory from phpmyadmin:

Summary:
Credentials disclosure on shared hosts via session data

Description:
We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host.

2.11.5.1 fixes this, please bump.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-04-01 13:10:00 UTC

*** Bug 215692 has been marked as a duplicate of this bug. ***

Comment 2 Benedikt Böhm (RETIRED) gentoo-dev

2008-04-03 09:00:08 UTC

2.11.5.1 in portage

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-04-03 09:57:17 UTC

Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.5.1
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"

Comment 4 Markus Rothe (RETIRED) gentoo-dev

2008-04-03 19:22:59 UTC

ppc64 stable

Comment 5 Markus Meier gentoo-dev

2008-04-03 19:52:42 UTC

amd64/x86 stable

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2008-04-06 14:43:49 UTC

Stable for HPPA.

Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev

2008-04-06 20:22:30 UTC

ppc stable

Comment 8 Raúl Porcel (RETIRED) gentoo-dev

2008-04-07 20:20:41 UTC

alpha/sparc stable

Comment 9 Peter Volkov (RETIRED) gentoo-dev

2008-04-08 05:37:16 UTC

Fixed in release snapshot.