Bug 215502 (CVE-2008-1567) - dev-db/phpmyadmin <2.11.5.1 Local session data disclosure (CVE-2008-1567)
Summary: dev-db/phpmyadmin <2.11.5.1 Local session data disclosure (CVE-2008-1567)
Status: RESOLVED FIXED
Alias: CVE-2008-1567
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B3 [noglsa]
Duplicates: 215692
Reported: 2008-03-30 23:22 UTC by Hanno Böck
Modified: 2009-04-23 17:08 UTC
Description Hanno Böck gentoo-dev 2008-03-30 23:22:12 UTC
Advisory from phpmyadmin:

Summary:
Credentials disclosure on shared hosts via session data

Description:
We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host.

2.11.5.1 fixes this, please bump.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-04-01 13:10:00 UTC
*** Bug 215692 has been marked as a duplicate of this bug. ***
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-04-03 09:00:08 UTC
2.11.5.1 in portage
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-03 09:57:17 UTC
Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.5.1
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-04-03 19:22:59 UTC
ppc64 stable
Comment 5 Markus Meier gentoo-dev 2008-04-03 19:52:42 UTC
amd64/x86 stable
Comment 6 Jeroen Roovers gentoo-dev 2008-04-06 14:43:49 UTC
Stable for HPPA.
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-06 20:22:30 UTC
ppc stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-04-07 20:20:41 UTC
alpha/sparc stable
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-04-08 05:37:16 UTC
Fixed in release snapshot.