phpMyAdmin 3.x Conditional Session Manipulation

2011.08.03
Credit: Mango
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

####### phpMyAdmin 3.x Conditional Session Manipulation #######

###############[ Advisory from ]###############
###############[ www.Xxor.se ]###############

Application: phpMyAdmin 3.x
Patched ver: 3.3.10.3 and 3.4.3.2
Severity: Low
Exploitable: Remote
PMASA ID: PMASA-2011-12

###############[ Description ]###############

If the Swekey extension is activated, a remote attacker can manipulate variables in the global namespace. The vulnerable code path is only reachable when Swekey authentication is enabled; installations that do not use the Swekey extension are not exposed to this issue.

###############[ Fix ]###############

Upgrade to version 3.3.10.3 or 3.4.3.2, or apply the patches available at:
http://www.phpmyadmin.net/home_page/security/

#################################[ Timeline ]##################################

2011-07-07 - Reported to vendor
2011-07-23 - Patch available
2011-07-24 - Disclosed

###############
Need to secure a PHP application? Get expert help. Let Xxor AB audit your code.
http://www.xxor.se/services/php-code-audit.php
###############
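As an added illustration of the bug class the advisory describes (this is not phpMyAdmin's or the Swekey library's own code, and the configuration flag, parameter names and session layout below are assumptions made for the example), the first function shows a conditional code path that copies request parameters into `$_SESSION` under client-chosen names, so an unauthenticated remote client can set arbitrary session variables once the optional extension is switched on; the second function is the hardened shape, which only writes allowlisted keys after validating their values.

```php
<?php
// Added example, not code from phpMyAdmin or Swekey.
// Assumed names: $cfg['SwekeyEnabled'], the 'swekey_' request prefix and the
// 'SWEKEY' session sub-array are invented for this illustration.

declare(strict_types=1);

/**
 * Vulnerable pattern. Only active when the optional extension is enabled
 * (the "conditional" part). Every request parameter carrying the expected
 * prefix is stored in the session under the remainder of its name, so the
 * client chooses which session key gets written and with what value.
 */
function vulnerable_session_update(array $cfg, array $request, array &$session): void
{
    if (empty($cfg['SwekeyEnabled'])) {
        return; // code path is unreachable unless the extension is enabled
    }
    foreach ($request as $name => $value) {
        if (strpos($name, 'swekey_') === 0) {       // prefix is the only filter
            $key = substr($name, strlen('swekey_'));
            $session[$key] = $value;                 // attacker controls $key
        }
    }
}

/**
 * Hardened pattern. A fixed allowlist maps each accepted request parameter
 * to a validator; the value is stored under a fixed key inside a dedicated
 * session sub-array. No request parameter can name a session key.
 */
function hardened_session_update(array $cfg, array $request, array &$session): void
{
    if (empty($cfg['SwekeyEnabled'])) {
        return;
    }
    // Assumed value format for the example: a 32-character upper-case hex token.
    $allowed = [
        'swekey_id' => static function ($v): bool {
            return is_string($v) && preg_match('/^[0-9A-F]{32}$/', $v) === 1;
        },
    ];
    if (!isset($session['SWEKEY']) || !is_array($session['SWEKEY'])) {
        $session['SWEKEY'] = [];
    }
    foreach ($allowed as $param => $isValid) {
        if (array_key_exists($param, $request) && $isValid($request[$param])) {
            $session['SWEKEY'][$param] = $request[$param];
        }
    }
}

/** Returns true when a request managed to plant an attacker-named session key. */
function attacker_key_planted(callable $update, array $cfg, array $request, string $key): bool
{
    $session = [];
    $update($cfg, $request, $session);
    return array_key_exists($key, $session);
}

// Constructed request: besides the expected id, the client smuggles in a
// parameter whose name (after the prefix) is a session key the application
// might trust, e.g. a "logged in" marker.
$cfg     = ['SwekeyEnabled' => true];
$request = [
    'swekey_id'       => 'ABCDEF0123456789ABCDEF0123456789',
    'swekey_loggedin' => '1',
];

printf("vulnerable: 'loggedin' planted = %s\n",
    attacker_key_planted('vulnerable_session_update', $cfg, $request, 'loggedin') ? 'yes' : 'no');
printf("hardened:   'loggedin' planted = %s\n",
    attacker_key_planted('hardened_session_update', $cfg, $request, 'loggedin') ? 'yes' : 'no');

// With the extension disabled neither path touches the session at all.
$off = ['SwekeyEnabled' => false];
printf("disabled:   'loggedin' planted = %s\n",
    attacker_key_planted('vulnerable_session_update', $off, $request, 'loggedin') ? 'yes' : 'no');
```

Run it from the command line with `php example.php`; no web server or Swekey device is needed because the request and session are plain arrays. The point to carry over when auditing real code is the direction of control: session keys must come from the code, never from the request, and a feature that is off by default still needs that review because the vulnerable branch becomes reachable the moment an administrator enables it.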

References:

https://bugzilla.redhat.com/show_bug.cgi?id=725384
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
http://xforce.iss.net/xforce/xfdb/68769
http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
http://www.securityfocus.com/bid/48874
http://www.securityfocus.com/archive/1/archive/1/518967/100/0/threaded
http://www.debian.org/security/2011/dsa-2286
http://secunia.com/advisories/45365
http://seclists.org/fulldisclosure/2011/Jul/300


Copyright 2018, cxsecurity.com