Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

phpMyAdmin 3.x Multiple Remote Code Executions

From: Mango <h () xxor se>
Date: Thu, 7 Jul 2011 20:42:41 +0200
#######################################################################################

                    phpMyAdmin 3.x Multiple Remote Code Executions

###################################[ Advisory from
]###################################

¨#########¨¨########¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨##¨¨¨¨¨¨¨¨##########.¨¨¨¨
¨¨¨'####:¨¨¨¨:###'¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨:##:¨¨¨¨¨¨¨¨'###¨¨¨'###.¨¨
¨¨¨¨¨'###.¨¨.##'¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨####¨¨¨¨¨¨¨¨¨###¨¨¨¨¨###¨¨
¨¨¨¨¨¨'###..##'¨¨¨######¨¨#####¨¨.#####.¨¨¨..#¨¨¨___¨¨¨¨¨¨¨¨:#'##:¨¨¨¨¨¨¨¨###¨¨¨¨¨###¨¨
¨¨¨¨¨¨¨'#####'¨¨¨¨¨¨'###:¨¨:##'¨.##''¨''##.####¨######.¨¨¨¨¨#'¨¨##¨¨¨¨¨¨¨¨###¨¨¨¨.###¨¨
¨¨¨¨¨¨¨¨'###:¨¨¨¨¨¨¨¨¨'##..#'¨¨.##'¨¨¨¨¨'##.¨###''¨'##'¨¨¨¨:#¨¨¨##:¨¨¨¨¨¨¨#########:¨¨¨
¨¨¨¨¨¨¨¨.####.¨¨¨¨¨¨¨¨¨'###'¨¨¨###¨¨¨¨¨¨¨###¨##¨¨¨¨¨¨¨¨¨¨¨¨#'¨¨¨:##¨¨¨¨¨¨¨###¨¨¨¨'###.¨
¨¨¨¨¨¨¨.##'###.¨¨¨¨¨¨¨¨¨.##.¨¨¨###¨¨¨¨¨¨¨###¨##¨¨¨¨¨¨¨¨¨¨¨:########:¨¨¨¨¨¨###¨¨¨¨¨'###¨
¨¨¨¨¨¨.##'¨'###.¨¨¨¨¨¨¨.#'##.¨¨###¨¨¨¨¨¨¨###¨##¨¨¨¨¨¨¨¨¨¨¨#'¨¨¨¨¨:##¨¨¨¨¨¨###¨¨¨¨¨¨###¨
¨¨¨¨¨.##'¨¨¨'###.¨¨¨¨¨.#'¨'##.¨'##¨¨¨¨¨¨.##'¨##¨¨¨¨¨¨¨¨¨¨:#¨¨¨¨¨¨¨##:¨¨¨¨¨###¨¨¨¨¨.###¨
¨¨¨.###:¨¨¨¨¨:####.¨.##:¨¨¨:###.'##..¨..##'¨.##.¨¨¨¨¨¨¨¨.##.¨¨¨¨¨.###.¨¨¨.###.¨¨¨.###'¨
¨########¨¨¨#############¨#######''#####''¨#######¨¨¨¨#######¨¨¨#######¨###########'¨¨¨

####################################[
www.Xxor.se]####################################

Application: phpMyAdmin 3.x
Patched ver: 3.3.10.2 and 3.4.3.1
Severity:    High
Exploitable: Remote

#######################################[ Bug 1
]#######################################
A remote variable manipulation vulnerability affecting the superglobal
session
variables that opens up a broad path to other vulnerabilities.

CVE ID:   CVE-2011-2505
PMASA ID: PMASA-2011-5

#######################################[ Bug 2
]#######################################
A remote attacker in control of the superglobal session variables can inject
arbitrary PHP code into a configuration file via an unsanitized key.

CVE ID:   CVE-2011-2506
PMASA ID: PMASA-2011-6

#######################################[ Bug 3
]#######################################
An authenticated remote attacker in control of the superglobal session
variables
can inject and execute arbitrary PHP code in PHP function preg_replace.

CVE ID:   CVE-2011-2507
PMASA ID: PMASA-2011-7

#######################################[ Bug 4
]#######################################
An authenticated remote attacker can use a directory traversal vulnerability
to include
and execute an arbitrary local file.

CVE ID:   CVE-2011-2508
PMASA ID: PMASA-2011-8

########################################[ Fix
]########################################

Upgrade to version 3.3.10.2 or 3.4.3.1.
Or apply patches available at: http://www.phpmyadmin.net/home_page/security/

#####################################[ Timeline
]######################################

2011-06-28 - Contacted vendor
2011-06-28 - Vendor responded
2011-06-28 - Sent Details and Suggested Patches to vendor
2011-07-02 - Vulnerabilities fixed
2011-07-07 - Disclosed

###############################[ Detailed Description
]################################

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

#######################################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: