blob: 43481dc89a6b86361081ad3cd546ca87a7c0dffd [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200412-19">
<title>phpMyAdmin: Multiple vulnerabilities</title>
phpMyAdmin contains multiple vulnerabilities which could lead to file
disclosure or command execution.
<product type="ebuild">phpmyadmin</product>
<announced>December 19, 2004</announced>
<revised>December 19, 2004: 01</revised>
<package name="dev-db/phpmyadmin" auto="yes" arch="*">
<unaffected range="ge">2.6.1_rc1</unaffected>
<vulnerable range="lt">2.6.1_rc1</vulnerable>
phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL databases from a web-browser.
Nicolas Gregoire ( has discovered two vulnerabilities
that exist only on a webserver where PHP safe_mode is off. These
vulnerabilities could lead to command execution or file disclosure.
<impact type="high">
On a system where external MIME-based transformations are enabled,
an attacker can insert offensive values in MySQL, which would start a
shell when the data is browsed. On a system where the UploadDir is
enabled, read_dump.php could use the unsanitized sql_localfile variable
to disclose a file.
You can temporarily enable PHP safe_mode or disable external
MIME-based transformation AND disable the UploadDir. But instead, we
strongly advise to update your version to 2.6.1_rc1.
All phpMyAdmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-db/phpmyadmin-2.6.1_rc1&quot;</code>
<uri link="">CAN-2004-1147</uri>
<uri link="">CAN-2004-1148</uri>
<uri link="">PHPMyAdmin advisory: PMASA-2004-4</uri>
<uri link=""> advisory: esa-2004-1213</uri>
<metadata tag="submitter" timestamp="Thu, 16 Dec 2004 13:35:32 +0000">
<metadata tag="bugReady" timestamp="Sat, 18 Dec 2004 14:47:08 +0000">