85556 – dev-db/phpmyadmin"_": Wildcard Permissions Security Bypass

Bug 85556 - dev-db/phpmyadmin"_": Wildcard Permissions Security Bypass

Summary: dev-db/phpmyadmin"_": Wildcard Permissions Security Bypass

Status:	RESOLVED DUPLICATE of bug 83792

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/14599/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-03-16 12:51 UTC by Luke Macken (RETIRED)
Modified:	2005-07-17 13:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke Macken (RETIRED) gentoo-dev

2005-03-16 12:51:29 UTC

DESCRIPTION:
A vulnerability has been reported in phpMyAdmin, which can be
exploited by malicious users to bypass certain security
restrictions.

The vulnerability is caused due to an input validation error in the
handling of "_" characters in the privileges management module where
users in certain situations can be assigned wildcard permissions.
This can be exploited to bypass certain security restrictions.

SOLUTION:
Update to version 2.6.1-pl3.
http://sourceforge.net/project/showfiles.php?group_id=23067

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2005-03-16 12:53:15 UTC

Fixed in phpmyadmin-2.6.1_p2-r1 - see Bug 83792 ;-)

Comment 2 Luke Macken (RETIRED) gentoo-dev

2005-03-16 12:53:56 UTC

*** This bug has been marked as a duplicate of 83792 ***

*** This bug has been marked as a duplicate of 83792 ***