-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200402-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
  Title: phpMyAdmin < 2.5.6-rc1 directory traversal attack
  Date: February 17, 2004
  Bugs: #40268
  ID: 200402-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in phpMyAdmin, which did not properly verify
user-generated input, could lead to a directory traversal attack.

Description
===========

A component of the phpMyAdmin software package (export.php) does not
properly verify input that is passed to it from a remote user. Since the
input is used to include other files, it is possible to launch a
directory traversal attack.

Impact
======

Sensitive information could be gleaned from the server if an
attacker uses a malformed URL such as
http://phpmyadmin.example.com/export.php?what=../../../[existing_file]

In this scenario, the script does not sanitize the "what" argument
passed to it, allowing directory traversal attacks to take place and
disclosing the contents of any file that is readable by the
web-server user.

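To check whether such requests have already reached a server, the web-server access log can be searched. The following is an added example, not part of the advisory or of phpMyAdmin: it flags requests for export.php whose "what" parameter is not a plain identifier. The access-log format, the identifier rule and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate export type is a short plain identifier such as "sql".
SAFE_WHAT_RE = re.compile(r'[A-Za-z0-9_]{1,32}')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so the reported value is readable even when
    the request encoded it more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_what(log_line):
    """Return the decoded "what" value when the line is a request for
    export.php whose "what" is not a plain identifier, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.endswith("/export.php"):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == "what" and not SAFE_WHAT_RE.fullmatch(value):
            return fully_decode(value)
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = ((n, suspicious_what(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2004:10:00:00 +0000] "GET /export.php?what=sql&db=test HTTP/1.0" 200 512',
    '192.0.2.11 - - [17/Feb/2004:10:00:05 +0000] "GET /export.php?what=../../../somefile HTTP/1.0" 200 2048',
    '192.0.2.12 - - [17/Feb/2004:10:00:09 +0000] "GET /export.php?what=%252e%252e%252fsomefile HTTP/1.0" 200 2048',
    '192.0.2.13 - - [17/Feb/2004:10:00:12 +0000] "GET /index.php?what=../x HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious what={value!r}")
```

Parameters sent in a POST body do not appear in the access log, so a clean result here covers query-string requests only.
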
Workaround
==========

The workaround is to either patch the export.php file using the
referenced CVS patch [ 1 ] or upgrade the software via Portage.

Resolution
==========

Users are encouraged to upgrade to phpMyAdmin-2.5.6_rc1:

    # emerge sync
    # emerge -pv ">=dev-db/phpmyadmin-2.5.6_rc1"
    # emerge ">=dev-db/phpmyadmin-2.5.6_rc1"
    # emerge clean

References
==========

[ 1 ] CVS Patch export.php of phpMyAdmin:

http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/export.php?r1=2.3&r2=2.3.2.1

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAMXp/MMXbAy2b2EIRAvugAJ4gl3MFBqN/7xKMYVXmkgxxBxGoygCbBJkI
W4oMh6JoLHLMKyYRnIAeMzo=
=x4cs
-----END PGP SIGNATURE-----