[SA13424] phpMyAdmin Two Vulnerabilities
From: Secunia Security Advisories (sec-adv at secunia.com)
Date: Tue Dec 14 2004 - 02:34:02 CST
TITLE:
phpMyAdmin Two Vulnerabilities
SECUNIA ADVISORY ID:
SA13424
VERIFY ADVISORY:
http://secunia.com/advisories/13424/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
phpMyAdmin 2.x
http://secunia.com/product/1720/
DESCRIPTION:
Nicolas Gregoire has reported two vulnerabilities in phpMyAdmin,
which can be exploited by malicious people to compromise a vulnerable
system and by malicious users to disclose sensitive information.
1) An input validation error in the handling of MySQL data allows
injection of arbitrary shell commands.
Example:
F\';[command]\'A
Successful exploitation requires that PHP safe mode is disabled and
MIME-based external transformations are activated.
The vulnerability has been reported in versions 2.6.0-pl2 up to
2.6.1-rc1.
2) Input passed to "sql_localfile" is not properly sanitised in
"read_dump.php" before being used to disclose files.
Successful exploitation requires access to the phpMyAdmin interface,
that PHP safe mode is disabled, and that the UploadDir mechanism is
active.
The vulnerability has been reported in versions 2.4.0 up to
2.6.1-rc1.
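As an added illustration of the two missing checks the advisory describes (this is not phpMyAdmin's own code nor its fix; the function names and the UploadDir path are hypothetical), issue 2 calls for confining a user-supplied file name to the configured UploadDir, and issue 1 calls for passing MySQL cell data to an external transformation program as a single quoted argument instead of interpolating it raw into the command line:

```php
<?php
// Added illustration, not phpMyAdmin code. Hypothetical helpers showing the
// two checks whose absence advisory items 1 and 2 describe.

// Issue 2: "sql_localfile" must resolve to a file inside UploadDir, with no
// traversal, absolute-path or NUL-byte escape.
function resolve_upload_file(string $uploadDir, string $requested): ?string
{
    $base = realpath($uploadDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Only a bare file name is accepted: no directory components at all.
    if ($requested !== basename($requested)) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    // realpath() fails for missing files and collapses symlinks and "..";
    // the prefix check then proves the final target is still below UploadDir.
    if ($full === false || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Issue 1: a cell value handed to an external (MIME-based) transformation
// must become exactly one shell argument. escapeshellarg() single-quotes the
// value and escapes embedded quotes, so the advisory's "F';[command]'A"
// pattern is passed through as literal data rather than as a command.
function build_transformation_command(string $program, string $cellValue): string
{
    return escapeshellcmd($program) . ' ' . escapeshellarg($cellValue);
}

// Constructed sample inputs (hypothetical UploadDir path).
var_dump(resolve_upload_file('/var/lib/phpmyadmin/upload', '../../etc/passwd')); // NULL
var_dump(resolve_upload_file('/var/lib/phpmyadmin/upload', "dump.sql\0.txt"));   // NULL
echo build_transformation_command('/usr/bin/convert', "F';[command]'A"), "\n";
// /usr/bin/convert 'F'\'';[command]'\''A'
```

The first helper returns NULL for any name that is not a plain file directly inside UploadDir; the second never lets cell contents terminate the quoted argument, which is the property the advisory's example payload exploits when it is absent.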
SOLUTION:
The vulnerabilities have been fixed in version 2.6.1-rc1.
PROVIDED AND/OR DISCOVERED BY:
Nicolas Gregoire, Exaprobe.
ORIGINAL ADVISORY:
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4
----------------------------------------------------------------------
About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------