[phpmyadmin] [PMASA-2008-1] SQL injection vulnerability (Delayed Cross Site Request Forgery)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
phpmyadmin (Ubuntu) |
Fix Released
|
High
|
Emanuele Gentili | ||
Dapper |
Fix Released
|
High
|
Emanuele Gentili | ||
Edgy |
Fix Released
|
High
|
Emanuele Gentili | ||
Feisty |
Fix Released
|
High
|
Emanuele Gentili | ||
Gutsy |
Fix Released
|
High
|
Emanuele Gentili | ||
Hardy |
Fix Released
|
High
|
Emanuele Gentili |
Bug Description
Binary package hint: phpmyadmin
References:
PMASA-2008-1 (http://
Quoting:
"Description:
We received an advisory from Richard Cunningham, and we wish to thank him for his work. phpMyAdmin used the $_REQUEST superglobal as a source for its parameters, instead of $_GET and $_POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere.
Another application could set a cookie for the root path "/" with a "sql_query" name, therefore overriding the user-submitted sql_query because by default, the $_REQUEST superglobal imports first GET, then POST then COOKIE data.
Severity:
We consider this vulnerability to be serious.
Mitigation factor:
An attacker must trick the victim into visiting a page on the same web server where he has placed code that creates a malicious cookie.
Affected versions:
Versions before 2.11.5.
Solution:
Upgrade to phpMyAdmin 2.11.5 or newer, where $_REQUEST is rebuilt to not contain cookies."
Changed in phpmyadmin: | |
assignee: | emgent → nobody |
assignee: | emgent → nobody |
assignee: | emgent → nobody |
Changed in phpmyadmin: | |
status: | New → In Progress |
Changed in phpmyadmin: | |
status: | Confirmed → In Progress |
Changed in phpmyadmin: | |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
This bug was fixed in the package phpmyadmin - 4:2.11.3-1ubuntu1
---------------
phpmyadmin (4:2.11.3-1ubuntu1) hardy; urgency=low
* SECURITY UPDATE: patches/ 050_CVE- 2008-1149. dpatch nvd.nist. gov/nvd. cfm?cvename= CVE-2008- 1149 www.phpmyadmin. net/home_ page/security. php?issue= PMASA-2008- 1
+ debian/
- Provides unauthorized access, Allows partial confidentiality, integrity, and
availability violation , Allows unauthorized disclosure of information ,
Allows disruption of service. (LP: #198745)
* References:
+ http://
+ http://
* debian/control:
+ updated maintainer field
-- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 20:17:28 +0100