[Phpmyadmin-news] phpMyAdmin security alert (PMASA-2004-4)
Marc Delisle
DelislMa at CollegeSherbrooke.qc.ca
Mon Dec 13 06:21:02 CET 2004
phpMyAdmin security announcement
_________________________________________________________________
Announcement-ID: PMASA-2004-4
Date: 2004-12-13
Summary:
Two vulnerabilities were found in phpMyAdmin that may allow command
execution and file disclosure.
Description:
We received a security advisory from Nicolas Gregoire (exaprobe.com)
about those vulnerabilities and we wish to thank him for his work.
Both vulnerabilities can be exploited only on a web server where PHP
safe mode is off.
The vulnerabilities are as follows:
1. Command execution: since phpMyAdmin 2.6.0-pl2, on a system where
external MIME-based transformations are activated, an attacker can
put into MySQL data an offensive value that starts a shell command
when browsed.
2. File disclosure: on systems where the UploadDir mechanism is
active, read_dump.php can be called with a crafted form; because
the sql_localfile variable is not sanitized, this can lead to
a file disclosure.
Severity:
As either of these vulnerabilities can be used for command execution or
file disclosure, we consider them to be serious (on servers where PHP
safe mode is off).
Affected versions:
Command execution problem: since phpMyAdmin 2.6.0-pl2. File disclosure
problem: vulnerable since at least version 2.4.0.
Unaffected versions:
CVS HEAD has been fixed, and the 2.6.1-rc1 release is unaffected.
Solution:
We strongly advise everyone to upgrade to version 2.6.1 when released.
Meanwhile, setting PHP safe mode to on avoids those problems. If that
is not feasible, you should deactivate MIME-based external
transformations and the UploadDir mechanism.
Reference:
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
For further information and in case of questions, please contact the
phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
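
Added example (not phpMyAdmin code and not part of the original advisory): one way to sanitize a request-supplied file name such as sql_localfile before it is opened, by confining it to the configured upload directory. The function name, the scratch directory and the sample names are hypothetical, and the code assumes a current PHP 7.1+ interpreter.

```php
<?php
// Added illustration, not phpMyAdmin code; names are hypothetical.

/**
 * Map a user-supplied file name to a regular file directly inside $uploadDir.
 * Returns the canonical path, or null when the name must be refused.
 */
function resolve_upload_file(string $uploadDir, string $requested): ?string
{
    // Canonicalise the base directory once; fail closed if it does not exist.
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // Only a bare file name is acceptable: no NUL bytes, no path separators.
    if ($requested === '' || strpos($requested, "\0") !== false
        || strpbrk($requested, "/\\") !== false) {
        return null;
    }

    // realpath() resolves "." / ".." and symlinks, so the containment check
    // below is made against the real target, not the string that was sent.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }

    // The resolved file must sit directly under the upload directory.
    return dirname($path) === $base ? $path : null;
}

// Constructed demo: a scratch upload directory holding one dump file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'dump.sql', "SELECT 1;\n");

foreach (['dump.sql', '../dump.sql', '..', 'missing.sql'] as $name) {
    $result = resolve_upload_file($dir, $name);
    printf("%-12s => %s\n", $name, $result === null ? 'refused' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'dump.sql');
rmdir($dir);
```

Because the comparison is made on the resolved path, a symlink placed inside the upload directory that points elsewhere is refused as well.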