[gentoo-announce] [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities - gentoo-announce

From:	Sune Kloppenborg Jeppesen <jaervosz@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities
Date:	Sun, 11 Dec 2005 22:09:04
Message-Id:	`200512112154.07697.jaervosz@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200512-03

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: phpMyAdmin: Multiple vulnerabilities

9

      Date: December 11, 2005

10

      Bugs: #114662

11

        ID: 200512-03

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple flaws in phpMyAdmin may lead to several XSS issues and local

19

and remote file inclusion vulnerabilities.

20

21

Background

22

==========

23

24

phpMyAdmin is a tool written in PHP intended to handle the

25

administration of MySQL over the web.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package            /  Vulnerable  /                    Unaffected

32

    -------------------------------------------------------------------

33

  1  dev-db/phpmyadmin     < 2.7.0_p1                      >= 2.7.0_p1

34

35

Description

36

===========

37

38

Stefan Esser from Hardened-PHP reported about multiple vulnerabilties

39

found in phpMyAdmin. The $GLOBALS variable allows modifying the global

40

variable import_blacklist to open phpMyAdmin to local and remote file

41

inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9).

42

Furthermore, it is also possible to conduct an XSS attack via the

43

$HTTP_HOST variable and a local and remote file inclusion because the

44

contents of the variable are under total control of the attacker

45

(CVE-2005-3665, PMASA-2005-8).

46

47

Impact

48

======

49

50

A remote attacker may exploit these vulnerabilities by sending

51

malicious requests, causing the execution of arbitrary code with the

52

rights of the user running the web server. The cross-site scripting

53

issues allow a remote attacker to inject and execute malicious script

54

code or to steal cookie-based authentication credentials, potentially

55

allowing unauthorized access to phpMyAdmin.

56

57

Workaround

58

==========

59

60

There is no known workaround at this time.

61

62

Resolution

63

==========

64

65

All phpMyAdmin users should upgrade to the latest version:

66

67

    # emerge --sync

68

    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.7.0_p1"

69

70

References

71

==========

72

73

  [ 1 ] CVE-2005-3665

74

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3665

75

  [ 2 ] CVE-2005-4079

76

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4079

77

  [ 3 ] PMASA-2005-8

78

        http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8

79

  [ 4 ] PMASA-2005-9

80

        http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-9

81

  [ 5 ] Hardened-PHP Advisory 25/2005

82

        http://www.hardened-php.net/advisory_252005.110.html

83

84

Availability

85

============

86

87

This GLSA and any updates to it are available for viewing at

88

the Gentoo Security Website:

89

90

  http://security.gentoo.org/glsa/glsa-200512-03.xml

91

92

Concerns?

93

=========

94

95

Security is a primary focus of Gentoo Linux and ensuring the

96

confidentiality and security of our users machines is of utmost

97

importance to us. Any security concerns should be addressed to

98

security@g.o or alternatively, you may file a bug at

99

http://bugs.gentoo.org.

100

101

License

102

=======

103

104

Copyright 2005 Gentoo Foundation, Inc; referenced text

105

belongs to its owner(s).

106

107

The contents of this document are licensed under the

108

Creative Commons - Attribution / Share Alike license.

109

110

http://creativecommons.org/licenses/by-sa/2.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200512-03
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: phpMyAdmin: Multiple vulnerabilities
9	Date: December 11, 2005
10	Bugs: #114662
11	ID: 200512-03
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple flaws in phpMyAdmin may lead to several XSS issues and local
19	and remote file inclusion vulnerabilities.
20
21	Background
22	==========
23
24	phpMyAdmin is a tool written in PHP intended to handle the
25	administration of MySQL over the web.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 dev-db/phpmyadmin < 2.7.0_p1 >= 2.7.0_p1
34
35	Description
36	===========
37
38	Stefan Esser from Hardened-PHP reported about multiple vulnerabilties
39	found in phpMyAdmin. The $GLOBALS variable allows modifying the global
40	variable import_blacklist to open phpMyAdmin to local and remote file
41	inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9).
42	Furthermore, it is also possible to conduct an XSS attack via the
43	$HTTP_HOST variable and a local and remote file inclusion because the
44	contents of the variable are under total control of the attacker
45	(CVE-2005-3665, PMASA-2005-8).
46
47	Impact
48	======
49
50	A remote attacker may exploit these vulnerabilities by sending
51	malicious requests, causing the execution of arbitrary code with the
52	rights of the user running the web server. The cross-site scripting
53	issues allow a remote attacker to inject and execute malicious script
54	code or to steal cookie-based authentication credentials, potentially
55	allowing unauthorized access to phpMyAdmin.
56
57	Workaround
58	==========
59
60	There is no known workaround at this time.
61
62	Resolution
63	==========
64
65	All phpMyAdmin users should upgrade to the latest version:
66
67	# emerge --sync
68	# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.7.0_p1"
69
70	References
71	==========
72
73	[ 1 ] CVE-2005-3665
74	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3665
75	[ 2 ] CVE-2005-4079
76	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4079
77	[ 3 ] PMASA-2005-8
78	http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8
79	[ 4 ] PMASA-2005-9
80	http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-9
81	[ 5 ] Hardened-PHP Advisory 25/2005
82	http://www.hardened-php.net/advisory_252005.110.html
83
84	Availability
85	============
86
87	This GLSA and any updates to it are available for viewing at
88	the Gentoo Security Website:
89
90	http://security.gentoo.org/glsa/glsa-200512-03.xml
91
92	Concerns?
93	=========
94
95	Security is a primary focus of Gentoo Linux and ensuring the
96	confidentiality and security of our users machines is of utmost
97	importance to us. Any security concerns should be addressed to
98	security@g.o or alternatively, you may file a bug at
99	http://bugs.gentoo.org.
100
101	License
102	=======
103
104	Copyright 2005 Gentoo Foundation, Inc; referenced text
105	belongs to its owner(s).
106
107	The contents of this document are licensed under the
108	Creative Commons - Attribution / Share Alike license.
109
110	http://creativecommons.org/licenses/by-sa/2.0

Gentoo Archives: gentoo-announce