Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Sep 2008 20:50:37 +0200
From: Thijs Kinkhorst <thijs@...ian.org>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: phpMyAdmin code execution (CVE request)

Hi all,

"- (2.11.9.1)  [security] Code execution vulnerability"

http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1

"Welcome to this security update for phpMyAdmin 2.11.9.
Details will follow on http://phpmyadmin.net."

http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.html

Attached patch is the fix from upstream. Judging from that (no other 
information is available yet), an authenticated user can supply a crafted 
sort_by parameter to server_databases.php, which will be turned in to 
executed PHP code because it is passed into create_function(). It is present 
at least since 2.9.1.

I would like to have a CVE id to refer to this issue.

Thijs

View attachment "pma_codeexecution.diff" of type "text/x-diff" (2833 bytes)

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ