drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in phpMyAdmin
Name: |
Ausführen beliebiger Kommandos in phpMyAdmin |
|
ID: |
TLSA-2008-35 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition |
|
Datum: |
Fr, 19. September 2008, 03:50 |
|
Referenzen: |
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096 |
|
Applikationen: |
phpMyAdmin |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2008-35 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 18 Sep 2008 Last revised: 18 Sep 2008
Package: phpmyadmin
Summary: Code execution vulnerability
More information: phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web.
The server_databases.php script was vulnerable to an attack coming from a user who is already logged-on to phpMyAdmin, where he can execute shell code (if the PHP configuration permits commands like exec). (PMASA-2008-7)
Affected Products: - Turbolinux Appliance Server 3.0 x64 Edition - Turbolinux Appliance Server 3.0
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages Size: MD5
phpmyadmin-2.11.9.1-1.src.rpm 3118986 acfc18e7b83f167994a9a2433807f4b5
Binary Packages Size: MD5
phpmyadmin-2.11.9.1-1.noarch.rpm 4441721 8633d63f23dc77e62df171ad93a5fd3b
<Turbolinux Appliance Server 3.0>
Source Packages Size: MD5
phpmyadmin-2.11.9.1-1.src.rpm 3118986 acfc18e7b83f167994a9a2433807f4b5
Binary Packages Size: MD5
phpmyadmin-2.11.9.1-1.noarch.rpm 4443843 6bfed825c227adbd8012154964438315
References:
phpMyAdmin security announcement [PMASA-2008-7] http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
CVE [CVE-2008-4096] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096
-------------------------------------------------------------------------- Revision History 18 Sep 2008 Initial release --------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjSOTcACgkQK0LzjOqIJMxE5ACgmb5a7QEfqMwlIu4dJxoJVu2A PNEAn3qzI1FftgTUCRRpo9LlScs0sTnn =IaTJ -----END PGP SIGNATURE-----
|
|
|
|