-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200407-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: phpMyAdmin: Multiple vulnerabilities
Date: July 29, 2004
Bugs: #57890
ID: 200407-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with
a valid user account to alter configuration variables and execute
arbitrary PHP code.

Background
==========

phpMyAdmin is a popular, web-based MySQL administration tool written in
PHP. It allows users to administer a MySQL database from a web browser.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-db/phpmyadmin        <= 2.5.7                      >= 2.5.7_p1

Description
===========

Two serious vulnerabilities exist in phpMyAdmin. The first allows any
authenticated user to alter the server configuration variables
(including host, name, and password) by appending new settings to the
configuration arrays through GET parameters. The second allows users to
inject arbitrary PHP code into table name configuration settings that
phpMyAdmin passes to an eval() statement. This second vulnerability is
only exploitable if $cfg['LeftFrameLight'] is set to FALSE.
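
The following PHP is an added illustration of the two bug classes above,
not phpMyAdmin's own code and not taken from the advisory. The "cfg" GET
parameter, the Servers array layout, the TableNameFormat setting and the
function names are assumptions chosen to model the description; only
LeftFrameLight is a setting the advisory actually names. The example also
assumes the first bug is how an attacker reaches the setting that the
second bug eval()s, and shows each vulnerable routine beside a hardened
form.

```php
<?php
// Added illustration of the two bug classes described in the advisory.
// This is NOT phpMyAdmin code: the "cfg" GET parameter, the Servers array
// layout, the TableNameFormat setting and the function names are assumed.
// Only LeftFrameLight is a setting the advisory actually names.

// Configuration as an administrator would write it.
$cfg = array();
$cfg['Servers'][1]['host']     = 'localhost';
$cfg['Servers'][1]['user']     = 'pma';
$cfg['Servers'][1]['password'] = 'secret';
$cfg['LeftFrameLight']         = true;
$cfg['TableNameFormat']        = '{table}';

// --- Bug class 1: request data appended to the configuration arrays --------

// Vulnerable: the request's cfg[] array is merged into $cfg, so a URL like
//   index.php?cfg[Servers][1][host]=attacker.example&cfg[LeftFrameLight]=0
// lets any logged-in user add or overwrite keys, including host and password.
function loadConfigVulnerable(array $cfg, array $get): array
{
    if (isset($get['cfg']) && is_array($get['cfg'])) {
        $cfg = array_replace_recursive($cfg, $get['cfg']);
    }
    return $cfg;
}

// Hardened: $cfg is never built from request data. Only an explicit allow-list
// of user-tunable keys is read, each checked for the expected scalar type.
function loadConfigHardened(array $cfg, array $get): array
{
    $userTunable = array('lang');            // assumed example of a safe key
    foreach ($userTunable as $key) {
        if (isset($get[$key]) && is_string($get[$key])) {
            $cfg[$key] = $get[$key];
        }
    }
    return $cfg;
}

// --- Bug class 2: a configuration string interpolated into eval() ----------

// Vulnerable: the format setting and the table name become PHP source. With
// LeftFrameLight true this branch is skipped, which is why the advisory's
// workaround holds; with it false, a setting such as
//   " . system("id") . "
// runs as PHP with the web server's privileges.
function tableDisplayNameVulnerable(array $cfg, string $table): string
{
    if ($cfg['LeftFrameLight']) {
        return $table;
    }
    $code = str_replace('{table}', $table, $cfg['TableNameFormat']);
    eval('$name = "' . $code . '";');
    return (string) $name;
}

// Hardened: plain substitution. The setting is treated as data, never as
// code, whichever navigation frame is in use.
function tableDisplayNameHardened(array $cfg, string $table): string
{
    return strtr($cfg['TableNameFormat'], array('{table}' => $table));
}

// Constructed request data standing in for $_GET (no network, no database).
// It chains both bugs: the first one plants the setting the second eval()s.
$attackerGet = array('cfg' => array(
    'Servers'         => array(1 => array('host' => 'attacker.example')),
    'LeftFrameLight'  => '0',
    'TableNameFormat' => '" . print("attacker code ran\n") . "',
));

$bad = loadConfigVulnerable($cfg, $attackerGet);
echo "vulnerable host: ", $bad['Servers'][1]['host'], "\n";
echo "vulnerable name: ", tableDisplayNameVulnerable($bad, 'users'), "\n";

$good = loadConfigHardened($cfg, $attackerGet);
echo "hardened host:   ", $good['Servers'][1]['host'], "\n";
echo "hardened name:   ", tableDisplayNameHardened($good, 'users'), "\n";
```

Run with the PHP CLI (php example.php). The vulnerable path reports the
attacker's host and executes the print() planted through the cfg[]
parameter; the hardened path keeps localhost and renders the format
setting as plain text. The two fixes are independent: refusing to build
configuration from request data closes the first bug even where eval()
remains, and removing eval() closes the second even if the configuration
is tampered with.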

Impact
======

Authenticated users can alter configuration variables for their running
copy of phpMyAdmin. On its own, the impact of this should be minimal.
However, the second vulnerability would allow an authenticated user to
execute arbitrary PHP code with the privileges of the web server,
potentially allowing a serious Denial of Service or further remote
compromise.

Workaround
==========

The second, more serious vulnerability is only exploitable if
$cfg['LeftFrameLight'] is set to FALSE. In the default Gentoo
installation, this is set to TRUE. There is no known workaround for the
first vulnerability.

Resolution
==========

All phpMyAdmin users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=dev-db/phpmyadmin-2.5.7_p1"
    # emerge ">=dev-db/phpmyadmin-2.5.7_p1"

References
==========

  [ 1 ] BugTraq Announcement
        http://www.securityfocus.com/archive/1/367486

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200407-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBCV5wvcL1obalX08RAomVAKCCkwzkabhCZL1NZFzzZEZqBkDH7gCeMfZr
ZzGSo3yfgPqg0y4JW39Rwzk=
=UXwL
-----END PGP SIGNATURE-----