Security: Execution of arbitrary commands in phpmyadmin
Name: Execution of arbitrary commands in phpmyadmin
ID: TLSA-2009-3
Distribution: TurboLinux
Platforms: Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition
Date: Fri, 30 January 2009, 03:50
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622
Applications: phpMyAdmin

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-3
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 29 Jan 2009
Last revised: 29 Jan 2009
Package: phpmyadmin
Summary: Multiple cross-site request forgery (CSRF) vulnerabilities
More information: phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web.
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code. (CVE-2008-5621)
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allow remote attackers to conduct SQL injection attacks via unknown vectors related to the table parameter, a different vector than CVE-2008-5621. (CVE-2008-5622)
Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages Size: MD5
phpmyadmin-2.11.9.4-1.src.rpm 3118827 a015b62542cc4a50b32a2a48dd4cf0ad
Binary Packages Size: MD5
phpmyadmin-2.11.9.4-1.noarch.rpm 4442830 83f9add69b94f5c4ecba9467e96d978c
<Turbolinux Appliance Server 3.0>
Source Packages Size: MD5
phpmyadmin-2.11.9.4-1.src.rpm 3118827 a015b62542cc4a50b32a2a48dd4cf0ad
Binary Packages Size: MD5
phpmyadmin-2.11.9.4-1.noarch.rpm 4443170 c089c3900f9e69ac27bb601ba2a0dda0
References:
CVE
[CVE-2008-5621] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621
[CVE-2008-5622] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622
--------------------------------------------------------------------------
Revision History
29 Jan 2009 Initial release
--------------------------------------------------------------------------
Copyright(C) 2009 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAkmBdBoACgkQK0LzjOqIJMxXZACgpBt9cgU208nQEHBAyTIiApNn
L+MAoJ9ccUyVtwJ8CsVvg3JGtOX656N7
=gao3
-----END PGP SIGNATURE-----
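
A defender-side log triage for the request pattern the advisory describes (a cross-site link or IMG request to tbl_structure.php with a modified table parameter). This is an added example, not part of the Turbolinux advisory or of phpMyAdmin; the combined access log format, the hostname dbadmin.example.com, the allowed table-name characters and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Assumption: legitimate table names on this server use only these characters.
PLAIN_TABLE = re.compile(r"[A-Za-z0-9_$]+")


def triage(lines, own_hosts):
    """Return (line_no, client_ip, reasons) for suspicious tbl_structure.php hits."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/tbl_structure.php"):
            continue
        reasons = []
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host and ref_host not in own_hosts:
            reasons.append("cross-site referer: " + ref_host)
        # parse_qs percent-decodes values; keep blanks so "table=" is seen too.
        tables = parse_qs(url.query, keep_blank_values=True).get("table", [])
        if any(not PLAIN_TABLE.fullmatch(t) for t in tables):
            reasons.append("unusual table parameter")
        if reasons:
            findings.append((no, m["ip"], reasons))
    return findings


# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE = [
    '192.0.2.10 - admin [29/Jan/2009:10:00:01 +0900] "GET /phpmyadmin/tbl_structure.php?db=shop&table=orders HTTP/1.1" 200 5120 "http://dbadmin.example.com/phpmyadmin/db_structure.php" "Mozilla/5.0"',
    '192.0.2.10 - admin [29/Jan/2009:10:02:17 +0900] "GET /phpmyadmin/tbl_structure.php?db=shop&table=orders%27%3B HTTP/1.1" 200 812 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '192.0.2.44 - - [29/Jan/2009:10:03:00 +0900] "GET /phpmyadmin/index.php HTTP/1.1" 200 900 "http://forum.example.net/" "Mozilla/5.0"',
    '198.51.100.7 - admin [29/Jan/2009:10:05:41 +0900] "GET /phpmyadmin/tbl_structure.php?db=shop&table= HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, {"dbadmin.example.com"}):
        print(finding)
```

Requests without a Referer header are judged on the table parameter alone, so an empty result does not rule out a cross-site request.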