Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in phpMyAdmin
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in phpMyAdmin
ID: TLSA-2008-35
Distribution: TurboLinux
Plattformen: Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition
Datum: Fr, 19. September 2008, 03:50
Referenzen: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096
Applikationen: phpMyAdmin

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-35
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 18 Sep 2008
Last revised: 18 Sep 2008

Package: phpmyadmin

Summary: Code execution vulnerability

More information:
phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web.

The server_databases.php script was vulnerable to an attack coming from
a user who is already logged-on to phpMyAdmin, where he can execute shell
code (if the PHP configuration permits commands like exec). (PMASA-2008-7)

Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0


<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

phpmyadmin-2.11.9.1-1.src.rpm
3118986 acfc18e7b83f167994a9a2433807f4b5

Binary Packages
Size: MD5

phpmyadmin-2.11.9.1-1.noarch.rpm
4441721 8633d63f23dc77e62df171ad93a5fd3b

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

phpmyadmin-2.11.9.1-1.src.rpm
3118986 acfc18e7b83f167994a9a2433807f4b5

Binary Packages
Size: MD5

phpmyadmin-2.11.9.1-1.noarch.rpm
4443843 6bfed825c227adbd8012154964438315


References:

phpMyAdmin security announcement
[PMASA-2008-7]
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7

CVE
[CVE-2008-4096]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096

--------------------------------------------------------------------------
Revision History
18 Sep 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjSOTcACgkQK0LzjOqIJMxE5ACgmb5a7QEfqMwlIu4dJxoJVu2A
PNEAn3qzI1FftgTUCRRpo9LlScs0sTnn
=IaTJ
-----END PGP SIGNATURE-----
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung