PMASA-2003-1

Announcement-ID: PMASA-2003-1

Date: 2003-06-18

Summary

Several security issues were reported to BugTraq mailing list. However most of these issues were already fixed some time ago.

Description

Reporter wrote that he found following issues within phpMyAdmin code (each issue is followed by our comment):

  • Directory transversal attack - Already fixed in 2.5.0 release
  • Remote local file retrieving - Author didn't show any proof of this
  • Remote internal directory listing - It was possible to retrieve listing of phpMyAdmin directory, however content of this directory is publicly known. This was fixed for upcoming 2.5.2 release.
  • XSS and Path disclosures - Most of these issues were fixed in 2.5.0 release, however some of these were still there and these will be fixed in upcoming 2.5.2 release.
  • Information encoding weakness - We believe that an exploit for this weakness would be difficult to achieve. However version 2.5.2 now encrypts the password with the well-known blowfish algorithm.

Severity

Only really problematic issue in current versions is XSS attack, which in combination with clever javascript could be used to steal authentication, but this would require to force user to click on link supplied by attacker. Therefore we consider this issue as important.

Affected Versions

All releases up to and not including 2.5.2. See description for more details about this.

Unaffected Versions

CVS HEAD has been fixed. The upcoming 2.5.2 release.

Solution

We strongly advise everyone to upgrade to CVS HEAD or to the next version of phpMyAdmin, which is to be released soon.

References

http://www.securityfocus.com/archive/1/325641

CWE ids: CWE-661 CWE-79

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements