Bug 302745 - <dev-db/phpmyadmin-3.3.5.1: Multiple vulnerabilities (CVE-2008-{7251,7252},CVE-2010-3055)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B1 [glsa]
Keywords:
Depends on: CVE-2010-3056
Blocks:
Reported: 2010-01-29 12:51 UTC by Tobias Heinlein (RETIRED)
Modified: 2012-01-04 23:41 UTC (History)
Description Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 12:51:56 UTC
CVE-2008-7251 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7251):
  libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates
  a temporary directory with 0777 permissions, which has unknown impact
  and attack vectors.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 12:52:37 UTC
web-apps, please bump.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 12:54:05 UTC
CVE-2008-7252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7252):
  libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses
  predictable filenames for temporary files, which has unknown impact
  and attack vectors.

Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-08-20 17:03:07 UTC
PMASA-2010-4 (http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php)
Date: 2010-08-20
Insufficient output sanitizing when generating configuration file.

The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code.

We consider this vulnerability to be critical.

Affected Versions
For 2.11.x: versions before 2.11.10.1. 
Comment 4 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-08-21 00:19:03 UTC
Arches, please test and mark stable:
=dev-db/phpmyadmin-3.3.5.1
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Comment 5 Jeroen Roovers gentoo-dev 2010-08-21 16:12:47 UTC
Stable for HPPA.
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-08-21 16:40:47 UTC
amd64 done
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-08-21 18:09:04 UTC
x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2010-08-27 16:56:32 UTC
alpha/sparc stable
Comment 9 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-09-01 09:28:35 UTC
ppc, ppc64: This bug is superseded by bug 335490. Please continue stabilizing version 3.3.6 there.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 22:30:37 UTC
CVE-2010-3055 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3055):
  The configuration setup script (aka scripts/setup.php) in phpMyAdmin
  2.11.x before 2.11.10.1 does not properly restrict key names in its
  output file, which allows remote attackers to execute arbitrary PHP
  code via a crafted POST request.

Comment 11 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-10-22 17:30:08 UTC
Affected ebuilds were removed from the tree.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-01-04 23:41:42 UTC
This issue was resolved and addressed in
 GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml
by GLSA coordinator Tim Sammut (underling).