[Phpmyadmin-news] phpMyAdmin security alert (PMASA-2004-4)
DelislMa at CollegeSherbrooke.qc.ca
Mon Dec 13 06:21:02 CET 2004
phpMyAdmin security announcement
Two vulnerabilities were found in phpMyAdmin that may allow command
execution and file disclosure.
We received a security advisory from Nicolas Gregoire (exaprobe.com)
about those vulnerabilities and we wish to thank him for his work.
Both vulnerabilities can be exploited only on a web server where PHP
safe mode is off.
The vulnerabilities apply to the following points:
1. Command execution: since phpMyAdmin 2.6.0-pl2, on a system where
external MIME-based transformations are activated, an attacker can
put into MySQL data an offensive value that starts a shell command.
2. File disclosure: on systems where the UploadDir mechanism is
active, read_dump.php can be called with a crafted form; because
the sql_localfile variable is not sanitized, this can lead to
a file disclosure.
As either of these vulnerabilities can be used for command execution or
file disclosure, we consider them to be serious (on servers where PHP
safe mode is off).
Command execution problem: since phpMyAdmin 2.6.0-pl2. File disclosure
problem: vulnerable since at least version 2.4.0.
CVS HEAD has been fixed. The 2.6.1-rc1 release.
We strongly advise everyone to upgrade to version 2.6.1 when released.
Meanwhile, setting PHP safe mode to on avoids those problems. If that is
not feasible, you should deactivate MIME-based external transformations
and the UploadDir mechanism.
For further information and in case of questions, please contact the
phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
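
The applicability conditions stated in this advisory, written out as a small audit check. This is an added example, not code from the phpMyAdmin project. It assumes 2.6.1-rc1 is the first fixed release, that UploadDir is set through $cfg['UploadDir'] in config.inc.php, and that the operator states whether external transformations are enabled (the advisory does not say how they are configured); the function names and sample files are constructed for illustration.

```python
import re

# Suffix order in phpMyAdmin versions: -rcN precedes the release, -plN follows it.
_RANK = {"rc": -1, "": 0, "pl": 1}

def parse_version(text):
    """Turn '2.6.0-pl2' into a sortable tuple (2, 6, 0, 1, 2)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-(rc|pl)(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, kind, num = m.groups()
    return (int(major), int(minor), int(patch), _RANK[kind or ""], int(num or 0))

# Assumption: the advisory's "2.6.1-rc1 release" is the first fixed version.
FIXED = parse_version("2.6.1-rc1")

def php_safe_mode(php_ini_text):
    """True if the last uncommented safe_mode directive in php.ini is on."""
    value = "off"  # PHP default when the directive is absent
    for line in php_ini_text.splitlines():
        m = re.match(r"\s*safe_mode\s*=\s*\"?(\w+)", line)
        if m:
            value = m.group(1).lower()
    return value in ("1", "on", "true", "yes")

def upload_dir(config_text):
    """Last value assigned to $cfg['UploadDir'] ('' when unset or empty)."""
    found = re.findall(r"^\s*\$cfg\['UploadDir'\]\s*=\s*(['\"])(.*?)\1\s*;", config_text, re.M)
    return found[-1][1] if found else ""

def exposure(version, php_ini_text, config_text, external_transformations):
    """List which PMASA-2004-4 issues apply to an installation."""
    v = parse_version(version)
    if v >= FIXED or php_safe_mode(php_ini_text):
        return []
    issues = []
    # Command execution: 2.6.0-pl2 and later, external transformations active.
    if v >= parse_version("2.6.0-pl2") and external_transformations:
        issues.append("command execution")
    # File disclosure: "at least 2.4.0"; older versions are treated as affected too.
    if upload_dir(config_text):
        issues.append("file disclosure")
    return issues

# Constructed sample inputs, not taken from a real server.
SAMPLE_PHP_INI = "; constructed sample\nsafe_mode = Off\nsafe_mode_gid = On\n"
SAMPLE_CONFIG = "<?php\n$cfg['UploadDir'] = '/var/lib/phpmyadmin/upload';\n"

if __name__ == "__main__":
    print(exposure("2.6.0-pl2", SAMPLE_PHP_INI, SAMPLE_CONFIG, True))
```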