Launchpad CVE tracker

CVE 2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

Related bugs and status

CVE-2008-1567 (Candidate) is related to these bugs:

Bug #227283: [phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising

		In	Importance	Status
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu)	High	Fix Released
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Hardy)	High	Fix Released
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Intrepid)	High	Fix Released
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Dapper)	Undecided	Won't Fix
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Gutsy)	Undecided	Won't Fix
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Feisty)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
SECUNIA: 29613
FEDORA: FEDORA-2008-2825
FEDORA: FEDORA-2008-2874
SECUNIA: 29588
BID: 28560
DEBIAN: DSA-1557
SECUNIA: 29964
MANDRIVA: MDVSA-2008:131
SECUNIA: 30816
SUSE: SUSE-SR:2008:026
SECUNIA: 32834
SUSE: SUSE-SR:2009:003
SECUNIA: 33822
VUPEN: ADV-2008-1037
MISC: http://sourceforge.net...
XF: phpmyadmin-sessiondata...

Launchpad.net

CVE 2008-1567

Related bugs and status

Related bugs

References