Joined: 12 May 2004
|Posted: Tue Oct 25, 2005 12:06 pm Post subject: [ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS
|Gentoo Linux Security Advisory
Title: phpMyAdmin: Local file inclusion and XSS vulnerabilities (GLSA 200510-21)
Exploitable: local and remote
Date: October 25, 2005
Updated: May 22, 2006
phpMyAdmin contains a local file inclusion vulnerability that may lead to the execution of arbitrary code, along with several cross-site scripting issues.
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web.
Vulnerable: < 2.6.4_p3
Unaffected: >= 2.6.4_p3
Architectures: All supported architectures
Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grab_globals.lib.php security model and overwrite the $cfg configuration array. Systems running PHP in safe mode are not affected. Futhermore, Tobias Klein reported several cross-site-scripting issues resulting from insufficient user input sanitizing.
A local attacker may exploit this vulnerability by sending malicious requests, causing the execution of arbitrary code with the rights of the user running the web server. Furthermore, the cross-site scripting issues give a remote attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.
There is no known workaround for all those issues at this time.
All phpMyAdmin users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.4_p3"
Last edited by GLSA on Mon Jul 03, 2006 4:17 am; edited 4 times in total