Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation Aug 04 2011 06:29AM
Henri Salo (henri nerv fi)
On Sun, Jul 24, 2011 at 06:10:00PM +0200, Mango wrote:
> ########################################################################
#######
>
> phpMyAdmin 3.x Conditional Session Manipulation
>
> ###############################[ Advisory from ]###############################
>
> #########¨¨########¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨##¨¨¨¨¨######
###.¨¨¨
> ¨¨'####:¨¨¨¨:###'¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨:##:¨¨¨¨¨'###¨
¨'###.¨
> ¨¨¨¨'###.¨¨.##'¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨####¨¨¨¨¨¨###¨
¨¨¨###¨
> ¨¨¨¨¨'###..##'¨¨¨######¨¨#####¨¨.#####.¨¨¨..#¨¨¨___¨¨¨¨¨¨:#'##:¨¨¨¨¨###¨
¨¨¨###¨
> ¨¨¨¨¨¨'#####'¨¨¨¨¨'###:¨¨:##'¨.##''¨''##.####¨######.¨¨¨¨#'¨¨##¨¨¨¨¨###¨
¨¨.###¨
> ¨¨¨¨¨¨¨'###:¨¨¨¨¨¨¨¨'##..#'¨¨.##'¨¨¨¨¨'##.¨###''¨'##'¨¨¨:#¨¨¨##:¨¨¨¨####
####:¨¨
> ¨¨¨¨¨¨¨.####.¨¨¨¨¨¨¨¨'###'¨¨¨###¨¨¨¨¨¨¨###¨##¨¨¨¨¨¨¨¨¨¨¨#'¨¨¨:##¨¨¨¨###¨
¨¨'###.
> ¨¨¨¨¨¨.##'###.¨¨¨¨¨¨¨¨.##.¨¨¨###¨¨¨¨¨¨¨###¨##¨¨¨¨¨¨¨¨¨¨:########:¨¨¨###¨
¨¨¨'###
> ¨¨¨¨¨.##'¨'###.¨¨¨¨¨¨.#'##.¨¨###¨¨¨¨¨¨¨###¨##¨¨¨¨¨¨¨¨¨¨#'¨¨¨¨¨:##¨¨¨###¨
¨¨¨¨###
> ¨¨¨¨.##'¨¨¨'###.¨¨¨¨.#'¨'##.¨'##¨¨¨¨¨¨.##'¨##¨¨¨¨¨¨¨¨¨:#¨¨¨¨¨¨¨##:¨¨###¨
¨¨¨.###
> ¨¨.###:¨¨¨¨¨:####..##:¨¨¨:###.'##..¨..##'¨.##.¨¨¨¨¨¨¨.##.¨¨¨¨¨.###..###.
¨¨.###'
> ########¨¨¨############¨#######''#####''¨#######¨¨¨#######¨¨¨###########
####'¨¨
>
> ################################[ www.Xxor.se ]################################
>
> Application: phpMyAdmin 3.x
> Patched ver: 3.3.10.3 and 3.4.3.2
> Severity: Low
> Exploitable: Remote
> PMASA ID: PMASA-2011-12
>
>
> ################################[ Description ]################################
>
> If the Swekey extention is activated a remote attacker can manipulate the
> variables in the the global namespace.
>
>
> ####################################[ Fix ]####################################
>
> Upgrade to version 3.3.10.3 or 3.4.3.2.
> Or apply patches available at: http://www.phpmyadmin.net/home_page/security/
>
>
> #################################[ Timeline ]##################################
>
> 2011-07-07 - Reported to vendor
> 2011-07-23 - Patch available
> 2011-07-24 - Disclosed

This issue can be refered as CVE-2011-2719.

Best regards,
Henri Salo

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus