Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200903-32 ] phpMyAdmin: Multiple vulnerabilities
Date: Wed, 18 Mar 2009 22:30:43
Message-Id: 49C17608.5000805@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: phpMyAdmin: Multiple vulnerabilities
Date: March 18, 2009
Bugs: #237781, #244914, #246831, #250752
ID: 200903-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in phpMyAdmin, the worst
of which may allow for remote code execution.

Background
==========

phpMyAdmin is a web-based management tool for MySQL databases.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  dev-db/phpmyadmin            < 2.11.9.4                 >= 2.11.9.4

Description
===========

Multiple vulnerabilities have been reported in phpMyAdmin:

* libraries/database_interface.lib.php in phpMyAdmin allows remote
  authenticated users to execute arbitrary code via a request to
  server_databases.php with a sort_by parameter containing PHP
  sequences, which are processed by create_function (CVE-2008-4096).

* Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows
  remote attackers to inject arbitrary web script or HTML via the db
  parameter, a different vector than CVE-2006-6942 and CVE-2007-5977
  (CVE-2008-4775).

* Cross-site request forgery (CSRF) vulnerability in phpMyAdmin
  allows remote authenticated attackers to perform unauthorized actions
  as the administrator via a link or IMG tag to tbl_structure.php with
  a modified table parameter. NOTE: this can be leveraged to conduct
  SQL injection attacks and execute arbitrary code (CVE-2008-5621).

* Multiple cross-site request forgery (CSRF) vulnerabilities in
  phpMyAdmin allow remote attackers to conduct SQL injection attacks
  via unknown vectors related to the table parameter, a different
  vector than CVE-2008-5621 (CVE-2008-5622).

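As an added, defender-side illustration of the first item above (example code, not phpMyAdmin's own): a hypothetical sort routine that takes the sort column from the request, shown in the unsafe create_function() shape the advisory describes and in a hardened form that allowlists the column and sorts with a closure. The column names, function names and sample rows are assumptions, not taken from phpMyAdmin.

```php
<?php
// Added example, not phpMyAdmin's code. create_function() builds a function
// from a source string and evaluates it, so any request data spliced into
// that string is executed as PHP. It is deprecated since PHP 7.2 and removed
// in PHP 8.0; a closure with a validated column name is the replacement.

// UNSAFE PATTERN (hypothetical illustration of the CVE-2008-4096 shape):
// the request value is concatenated into PHP source and then evaluated.
//   $cmp = create_function('$a, $b',
//       'return strnatcasecmp($a["' . $_REQUEST['sort_by'] . '"],'
//       . ' $b["' . $_REQUEST['sort_by'] . '"]);');

/** Columns a client may legitimately sort the database list by (assumed). */
const ALLOWED_SORT_COLUMNS = [
    'SCHEMA_NAME', 'DEFAULT_COLLATION_NAME', 'SCHEMA_TABLES', 'SCHEMA_DATA_LENGTH',
];

/**
 * Return the validated sort column, or null when the request value is not
 * exactly one of the allowlisted identifiers. Strict comparison: no
 * normalisation and no fallback that silently accepts a near miss.
 */
function validate_sort_by(?string $requested): ?string
{
    return ($requested !== null && in_array($requested, ALLOWED_SORT_COLUMNS, true))
        ? $requested
        : null;
}

/**
 * Sort rows by an allowlisted column. The column name is only ever used as an
 * array key inside a closure; no request data reaches an eval-like construct.
 */
function sort_databases(array $rows, ?string $requested, bool $descending = false): array
{
    $column = validate_sort_by($requested) ?? 'SCHEMA_NAME';
    usort($rows, function (array $a, array $b) use ($column, $descending): int {
        $order = strnatcasecmp((string) $a[$column], (string) $b[$column]);
        return $descending ? -$order : $order;
    });
    return $rows;
}

// Constructed sample rows standing in for information_schema.SCHEMATA.
$rows = [
    ['SCHEMA_NAME' => 'shop', 'SCHEMA_TABLES' => 42],
    ['SCHEMA_NAME' => 'blog', 'SCHEMA_TABLES' => 7],
];
var_dump(validate_sort_by('SCHEMA_TABLES'));   // string(13) "SCHEMA_TABLES"
var_dump(validate_sort_by('not_a_column'));    // NULL: rejected, default column used
print_r(sort_databases($rows, 'SCHEMA_TABLES')); // blog (7) before shop (42)
```

The same allowlist check is the right response to the other parameter-driven items in this advisory (db, table): validate identifiers against what the server already knows exists rather than interpolating them into code or SQL.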
Impact
======

A remote attacker may execute arbitrary code with the rights of the
webserver, inject and execute SQL with the rights of phpMyAdmin or
conduct XSS attacks against other users.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpMyAdmin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.9.4"

References
==========

[ 1 ] CVE-2006-6942
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6942
[ 2 ] CVE-2007-5977
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5977
[ 3 ] CVE-2008-4096
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096
[ 4 ] CVE-2008-4775
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4775
[ 5 ] CVE-2008-5621
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621
[ 6 ] CVE-2008-5622
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200903-32.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
