CVE-2010-3056 - Several XSS vulnerabilities were found in the code
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
phpmyadmin (Ubuntu) | Fix Released | Medium | Unassigned | |
Hardy | Won't Fix | Medium | Unassigned | |
Karmic | Won't Fix | Medium | Unassigned | |
Lucid | Won't Fix | Medium | Unassigned | |

Bug Description
Binary package hint: phpmyadmin
http://
Announcement-ID: PMASA-2010-5
Date: 2010-08-20
Summary
Several XSS vulnerabilities were found in the code.
Description
It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages.
Severity
We consider this vulnerability to be serious.
Affected Versions
For 2.11.x: versions before 2.11.10.1 are affected.
For 3.x: versions before 3.3.5.1 are affected.
Solution
Upgrade to phpMyAdmin 3.3.5.1 or 2.11.10.1 or newer, or apply the patches listed below.
References
Thanks to Aung Khant from YGN Ethical Hacker Group, Myanmar, for reporting this issue. See their advisory for more details. After this report, the team audited the code as well and discovered more issues, which have also been fixed.
Assigned CVE ids: CVE-2010-3056
Patches
The following commits have been made to fix this issue:
The following commits have been made on the 2.11 branch to fix this issue:
Maverick will be fixed with bug 622900 (sync 3.3.5.1)