Educause Security Discussion mailing list archives
Compromised version of phpMyAdmin contains backdoor
From: Chuck Braden <j-braden () TAMU EDU>
Date: Tue, 25 Sep 2012 20:56:14 +0000
If you are running phpMyAdmin, and have recently performed an update, you might have a compromised version. In short, any version that was downloaded from the SourceForge Mirror site - cdnetworks-kr-1 and contains file - server_sync.php. probably contains a backdoor. As this vulnerability is classified as EXTREMELY CRITICAL, I would suggest you verify that no such file exists in your installed version. <http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php> http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php Solution Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php. <http://secunia.com/advisories/50703/> http://secunia.com/advisories/50703/ Secunia Advisory SA50703 phpMyAdmin Compromised Source Package Backdoor Security Issue Secunia Advisory SA50703 Release Date 2012-09-25 Criticality level Extremely critical Description A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code. The compromised source file was distributed via the "cdnetworks-kr-1" SourceForge mirror with the phpMyAdmin-3.5.2.2-all-languages.zip download. Solution Download and reinstall phpMyAdmin. Provided and/or discovered by The vendor credits Tencent Security Response Center. Original Advisory <http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php> http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php Jimmy C Braden Information Security Officer AgriLife Information Technology 979-862-7254 j-braden () tamu edu
Attachment:
smime.p7s
Description:
Current thread:
- Compromised version of phpMyAdmin contains backdoor Chuck Braden (Sep 25)
- Re: Compromised version of phpMyAdmin contains backdoor Valdis Kletnieks (Sep 25)
- Re: Compromised version of phpMyAdmin contains backdoor Basile, Daniel L. (Sep 25)
- Re: Compromised version of phpMyAdmin contains backdoor Chuck Braden (Sep 27)
- Re: Compromised version of phpMyAdmin contains backdoor Chuck Braden (Sep 27)
- Re: Compromised version of phpMyAdmin contains backdoor Basile, Daniel L. (Sep 25)
- Re: Compromised version of phpMyAdmin contains backdoor Valdis Kletnieks (Sep 25)