Educause Security Discussion mailing list archives

Compromised version of phpMyAdmin contains backdoor


From: Chuck Braden <j-braden () TAMU EDU>
Date: Tue, 25 Sep 2012 20:56:14 +0000

If you are running phpMyAdmin and have recently performed an update, you
might have a compromised version. In short, any version that was downloaded
from the SourceForge mirror site cdnetworks-kr-1 and contains the file
server_sync.php probably contains a backdoor. As this vulnerability is
classified as EXTREMELY CRITICAL, I would suggest you verify that no such
file exists in your installed version.

 

http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

Solution

Check your phpMyAdmin distribution and download it again from a trusted
mirror if your copy contains a file named server_sync.php. 

 

http://secunia.com/advisories/50703/


Secunia Advisory SA50703

phpMyAdmin Compromised Source Package Backdoor Security Issue

Secunia Advisory: SA50703
Release Date: 2012-09-25
Criticality level: Extremely critical

Description

A security issue has been reported in phpMyAdmin, which can be exploited by
malicious people to compromise a vulnerable system.

 

The security issue is caused due to the distribution of a compromised
phpMyAdmin source code package containing a backdoor, which can be exploited
to e.g. execute arbitrary PHP code.

 

The compromised source file was distributed via the "cdnetworks-kr-1"
SourceForge mirror with the phpMyAdmin-3.5.2.2-all-languages.zip download.

 

Solution

Download and reinstall phpMyAdmin.

Provided and/or discovered by

The vendor credits Tencent Security Response Center.

 

Original Advisory

http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

Jimmy C Braden

Information Security Officer

AgriLife Information Technology

979-862-7254

j-braden () tamu edu
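
The check both advisories call for (look for server_sync.php in the installed copy), as an added example that is not part of the original message or of either advisory. The function name scan_pma and the rule used to recognise a phpMyAdmin directory (index.php plus libraries/common.inc.php) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: flag phpMyAdmin trees containing server_sync.php, the file
# named in PMASA-2012-5 / SA50703 as the sign of the compromised package.
# Assumption: a directory counts as a phpMyAdmin install when it holds both
# index.php and libraries/common.inc.php. Paths with newlines are not handled.

# scan_pma ROOT...
# Prints "SUSPECT <file>" for each server_sync.php found inside an install and
# "clean <dir>" for installs without one.
# Returns 0 = nothing suspect, 1 = at least one hit, 2 = usage error.
scan_pma() {
    if [ "$#" -eq 0 ]; then
        echo "usage: scan_pma ROOT..." >&2
        return 2
    fi
    report=$(
        for root in "$@"; do
            [ -d "$root" ] || continue
            find "$root" -type f -path '*/libraries/common.inc.php' 2>/dev/null |
            while IFS= read -r marker; do
                dir=${marker%/libraries/common.inc.php}
                [ -f "$dir/index.php" ] || continue
                hits=$(find "$dir" -type f -name server_sync.php 2>/dev/null)
                if [ -n "$hits" ]; then
                    printf '%s\n' "$hits" | sed 's/^/SUSPECT /'
                else
                    printf 'clean %s\n' "$dir"
                fi
            done
        done
    )
    [ -z "$report" ] || printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^SUSPECT '; then
        return 1
    fi
    return 0
}

# Run directly as: sh scan_pma.sh /var/www /srv/http   (constructed paths)
if [ "$#" -gt 0 ]; then
    scan_pma "$@"
fi
```

A SUSPECT line means the advisory's solution applies to that install: download phpMyAdmin again from a trusted mirror and reinstall.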
