phpMyAdmin 3.x Multiple Remote Code Executions

2011.07.19
Credit: Mango
Risk: High
Local: No
Remote: Yes
CWE: CWE-94
CWE-22

######################################################################## ############### phpMyAdmin 3.x Multiple Remote Code Executions ###################################[ Advisory from ]################################### ################### ##########. '####::###':##: '###'###. '###..##'#### ###### '###..##'###########.#####...#___:#'##: ###### '#####''###::##'.##''''##.##########.#'## ###.### '###:'##..#'.##''##.###'''##':###: #########: .####.'###'#########':## ###'###. .##'###..##.########:########: ###'### .##''###..#'##.#########':## ###### .##''###..#''##.'##.##'##:###: ###.### .###::####..##::###.'##....##'.##..##..###. .###..###' ############################''#####''##################### ###########' ####################################[ www.Xxor.se ]#################################### Application: phpMyAdmin 3.x Patched ver: 3.3.10.2 and 3.4.3.1 Severity: High Exploitable: Remote #######################################[ Bug 1 ]####################################### A remote variable manipulation vulnerability affecting the superglobal session variables that opens up a broad path to other vulnerabilities. CVE ID: CVE-2011-2505 PMASA ID: PMASA-2011-5 #######################################[ Bug 2 ]####################################### A remote attacker in control of the superglobal session variables can inject arbitrary PHP code into a configuration file via an unsanitized key. CVE ID: CVE-2011-2506 PMASA ID: PMASA-2011-6 #######################################[ Bug 3 ]####################################### An authenticated remote attacker in control of the superglobal session variables can inject and execute arbitrary PHP code in PHP function preg_replace. CVE ID: CVE-2011-2507 PMASA ID: PMASA-2011-7 #######################################[ Bug 4 ]####################################### An authenticated remote attacker can use a directory traversal vulnerability to include and execute an arbitrary local file. CVE ID: CVE-2011-2508 PMASA ID: PMASA-2011-8 ########################################[ Fix ]######################################## Upgrade to version 3.3.10.2 or 3.4.3.1. Or apply patches available at: http://www.phpmyadmin.net/home_page/security/ #####################################[ Timeline ]###################################### 2011-06-28 - Contacted vendor 2011-06-28 - Vendor responded 2011-06-28 - Sent Details and Suggested Patches to vendor 2011-07-02 - Vulnerabilities fixed 2011-07-07 - Disclosed ###############################[ Detailed Description ]################################ http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html ######################################################################## ###############

References:

http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7
http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
http://www.securityfocus.com/archive/1/archive/1/518804/100/0/threaded
http://www.osvdb.org/73614
http://www.openwall.com/lists/oss-security/2011/06/29/11
http://www.openwall.com/lists/oss-security/2011/06/28/8
http://www.openwall.com/lists/oss-security/2011/06/28/6
http://www.openwall.com/lists/oss-security/2011/06/28/2
http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
http://secunia.com/advisories/45139
http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top