Bug: phpMyAdmin 3.x Conditional Session Manipulation


phpMyAdmin 3.x Conditional Session Manipulation

Published: 2011.08.03
Credit: Mango
Risk: Medium
CWE: CWE-20
CVE: CVE-2011-2719
Local: No
Remote: Yes

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

#######

phpMyAdmin 3.x Conditional Session Manipulation

#############[ Advisory from ]###############

###############[ www.Xxor.se ]###############

Application: phpMyAdmin 3.x
Patched ver: 3.3.10.3 and 3.4.3.2
Severity: Low
Exploitable: Remote
PMASA ID: PMASA-2011-12

###############[ Description ]###############

If the Swekey extension is activated, a remote attacker can manipulate the
variables in the global namespace.

###############[ Fix ]###############

Upgrade to version 3.3.10.3 or 3.4.3.2.
Or apply patches available at: http://www.phpmyadmin.net/home_page/security/

#################################[ Timeline ]##################################

2011-07-07 - Reported to vendor
2011-07-23 - Patch available
2011-07-24 - Disclosed

###############

Need to secure a PHP application? Get expert help. Let Xxor AB audit your code.
http://www.xxor.se/services/php-code-audit.php

###############

References:

https://bugzilla.redhat.com/show_bug.cgi?id=725384
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
http://xforce.iss.net/xforce/xfdb/68769
http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
http://www.securityfocus.com/bid/48874
http://www.securityfocus.com/archive/1/archive/1/518967/100/0/threaded
http://www.debian.org/security/2011/dsa-2286
http://secunia.com/advisories/45365
http://seclists.org/fulldisclosure/2011/Jul/300

Copyright 2014, cxsecurity.com