237781 – (CVE-2008-4096) dev-db/phpmyadmin < 2.11.9.1: Remote code execution after successful auth (CVE-2008-4096)

Bug 237781 (CVE-2008-4096) - dev-db/phpmyadmin < 2.11.9.1: Remote code execution after successful auth (CVE-2008-4096)

Summary: dev-db/phpmyadmin < 2.11.9.1: Remote code execution after successful auth (CV...

Status:	RESOLVED FIXED

Alias:	CVE-2008-4096

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High major
Assignee:	Gentoo Security

URL:	http://www.phpmyadmin.net/home_page/s...
Whiteboard:	B1? [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-09-15 19:47 UTC by Christian Hoffmann (RETIRED)
Modified:	2009-03-18 22:32 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Hoffmann (RETIRED) gentoo-dev

2008-09-15 19:47:04 UTC

Quoting $URL:

Summary:
Code execution vulnerability

Description:
We received an advisory from Norman Hippert and we wish to thank him for his work. The server_databases.php script was vulnerable to an attack coming from a user who is already logged-on to phpMyAdmin, where he can execute shell code (if the PHP configuration permits commands like exec).

Severity:
We consider this vulnerability to be serious.

Affected versions:
Versions before 2.11.9.1.

Solution:
Upgrade to phpMyAdmin 2.11.9.1 or newer.


---
References:
http://fd.the-wildcat.de/pma_e36a091q11.php
http://www.openwall.com/lists/oss-security/2008/09/15/2

Comment 1 Christian Hoffmann (RETIRED) gentoo-dev

2008-09-15 19:49:54 UTC

Maintainers, please bump.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-09-19 15:28:06 UTC

CVE-2008-4096 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4096):
  libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1
  allows remote authenticated users to execute arbitrary code via a
  request to server_databases.php with a sort_by parameter containing
  PHP sequences, which are processed by create_function.

Comment 3 Christian Hoffmann (RETIRED) gentoo-dev

2008-09-20 13:39:24 UTC

Maintainers, please bump. We have a target delay of 5 days for B1 issues.

Comment 4 Gunnar Wrobel (RETIRED) gentoo-dev

2008-09-21 13:42:10 UTC

phpmyadmin-2.11.9.1 is in the tree. Sorry for the delay.

Comment 5 Robert Buchholz (RETIRED) gentoo-dev

2008-09-21 14:16:52 UTC

Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.9.1
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"

Comment 6 Brent Baude (RETIRED) gentoo-dev

2008-09-21 15:58:14 UTC

ppc done

Comment 7 Brent Baude (RETIRED) gentoo-dev

2008-09-21 16:08:47 UTC

ppc64 done

Comment 8 Raúl Porcel (RETIRED) gentoo-dev

2008-09-21 17:46:19 UTC

alpha/sparc/x86 stable

Comment 9 Jeroen Roovers (RETIRED) gentoo-dev

2008-09-22 03:22:29 UTC

Stable for HPPA.

Comment 10 Tobias Heinlein (RETIRED) gentoo-dev

2008-09-23 18:58:10 UTC

amd64 stable

Comment 11 Tobias Heinlein (RETIRED) gentoo-dev

2008-09-23 18:59:55 UTC

All arches done, request filed.

Comment 12 Gunnar Wrobel (RETIRED) gentoo-dev

2008-09-29 07:59:03 UTC

Removed phpmyadmin-2.11.8, -2.11.8.1. webapps done

Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev

2009-03-18 22:32:00 UTC

GLSA 200903-32