
Security: Execution of arbitrary commands in phpmyadmin
Name: Execution of arbitrary commands in phpmyadmin
ID: TLSA-2009-3
Distribution: TurboLinux
Platforms: Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition
Date: Fri, 30 January 2009, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622
Applications: phpMyAdmin

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-3
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 29 Jan 2009
Last revised: 29 Jan 2009

Package: phpmyadmin

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities

More information:
phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web.

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x
before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform
unauthorized actions as the administrator via a link or IMG tag to
tbl_structure.php with a modified table parameter. NOTE: this can be
leveraged to conduct SQL injection attacks and execute arbitrary code.
(CVE-2008-5621)

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin
2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allow remote attackers to
conduct SQL injection attacks via unknown vectors related to the table
parameter, a different vector than CVE-2008-5621. (CVE-2008-5622)

Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0


<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

phpmyadmin-2.11.9.4-1.src.rpm
3118827 a015b62542cc4a50b32a2a48dd4cf0ad

Binary Packages
Size: MD5

phpmyadmin-2.11.9.4-1.noarch.rpm
4442830 83f9add69b94f5c4ecba9467e96d978c

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

phpmyadmin-2.11.9.4-1.src.rpm
3118827 a015b62542cc4a50b32a2a48dd4cf0ad

Binary Packages
Size: MD5

phpmyadmin-2.11.9.4-1.noarch.rpm
4443170 c089c3900f9e69ac27bb601ba2a0dda0


References:

CVE
[CVE-2008-5621]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621
[CVE-2008-5622]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622

--------------------------------------------------------------------------
Revision History
29 Jan 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAkmBdBoACgkQK0LzjOqIJMxXZACgpBt9cgU208nQEHBAyTIiApNn
L+MAoJ9ccUyVtwJ8CsVvg3JGtOX656N7
=gao3
-----END PGP SIGNATURE-----
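
One way to check installed phpMyAdmin versions against the affected ranges stated in the advisory above, as an added example that is not part of the Turbolinux advisory or the Pro-Linux page. The function names, the constructed inventory and the conservative handling of pre-release suffixes are assumptions.

```python
import re

# Branch prefix -> first fixed version, taken from the advisory text:
# "2.11.x before 2.11.9.4 and 3.x before 3.1.1.0".
FIXED = {
    (2, 11): (2, 11, 9, 4),
    (3,): (3, 1, 1, 0),
}

def parse_version(text):
    """Return ((a, b, c, d), is_prerelease) for strings such as
    '2.11.9.4-1', '3.1.1-rc1' or 'phpmyadmin-2.11.9.4-1.noarch.rpm'."""
    m = re.search(r"\d+(?:\.\d+){1,3}", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    parts += (0,) * (4 - len(parts))          # pad so 3.1.1 compares as 3.1.1.0
    # An RPM release such as '-1' is not a pre-release marker; 'rc1' is.
    pre = re.match(r"[-_.]?(rc|beta|alpha|dev)", text[m.end():], re.I)
    return parts, bool(pre)

def status(text):
    """Classify a version string as 'affected', 'fixed' or 'not-covered'."""
    version, prerelease = parse_version(text)
    for branch, fixed in FIXED.items():
        if version[:len(branch)] == branch:
            # Assumption (conservative): a pre-release of the fixed version
            # is treated as older than the fixed release.
            if version < fixed or (version == fixed and prerelease):
                return "affected"
            return "fixed"
    # The advisory makes no statement about other branches (e.g. 2.10.x),
    # so do not report them as safe.
    return "not-covered"

def audit(inventory):
    """Map each host to the status of its phpMyAdmin package string."""
    return {host: status(pkg) for host, pkg in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames are hypothetical).
    sample = {
        "app01": "phpmyadmin-2.11.9.4-1.noarch.rpm",
        "app02": "phpmyadmin-2.11.9.3-1.noarch.rpm",
        "app03": "phpMyAdmin 3.1.1-rc1",
        "app04": "phpMyAdmin 2.10.3",
    }
    for host, result in audit(sample).items():
        print(f"{host}: {result}")
```

On RPM-based hosts the package string can come from `rpm -q phpmyadmin`; a "not-covered" result needs a separate check against upstream advisories.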