'Re: [oss-security] CVE-Request -- phpMyAdmin -- PMASA-2011-11 and'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-Request -- phpMyAdmin -- PMASA-2011-11 and
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-07-26 19:43:22
Message-ID: 1799861424.1604227.1311709402267.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]



----- Original Message -----
> Hello Josh, Steve, vendors,
> 
> the following two doesn't seem to have CVE identifiers yet:
> 1) http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
> 
> A local file inclusion and arbitrary SQL code execution flaws were
> found in the way phpMyAdmin, the MySQL over WWW administration tool,
> performed 'export_type' sanitization, when retrieving and verifying
> relation schema export options. A local attacker could use this flaw
> to
> obtain security sensitive information or, potentially, execute
> arbitrary SQL code with the privileges of the user running the query.
> 
> References:
> [1] http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
> [2] http://www.phpmyadmin.net/home_page/news.php
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=725383
> 
> Upstream patches:
> [4]
> http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
>  
> Further flaw exploitation note:
> An attacker must be logged in via phpMyAdmin to exploit this problem.
> 
> Affected versions:
> Versions 3.4.0 to 3.4.3.1 are affected.
> 
> 2) http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
> 
> A session values manipulation flaw was found in the way phpMyAdmin,
> the
> MySQL over WWW administration tool, performed sanitization of the
> user-provided query string, when the Swekey extension based
> authentication method was enabled. A remote attacker could use this
> flaw
> to manipulate the PHP session superglobal variable via
> specially-crafted
> query string provided to the Swekey authentication module.
> 
> References:
> [1] http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
> [2] http://www.phpmyadmin.net/home_page/news.php
> [3] http://seclists.org/fulldisclosure/2011/Jul/300
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=725384
> 
> Upstream patches:
> [5]
> http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
>  [6]
> http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
>  
> Patches against v3.3 branch:
> [7]
> http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=f6f6ee3f1171addb166fa18e75a0b56599bf374c
>  [8]
> http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=630b8260be45eb9b211f5d7628dbb9e5c1b05bc6
>  
> Affected Versions:
> The 3.4.3.1 and earlier versions are affected.
> Branch 2.11.x is not affected by this.
> 
> 3) The other two recent phpMyAdmin issues (addressed in v3.3.10.3,
> v3.4.3.2) already have CVE identifiers:
> [1] http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
> [2] http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php
> 
> Cc-ed phpMyAdmin upstream contact, Herman van Rink, to correct me on
> the description of the 1) and 2) flaws, where appropriate.
> 
> Josh, Steve, could you please allocate CVE ids for 1)
> PMASA-2011-11.php

Use CVE-2011-2718 for PMASA-2011-11

> and 2) PMASA-2011-12.php issues?
> 

Use CVE-2011-2719 for PMASA-2011-12

Thanks.

-- 
    JB


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic