Bug#656247: phpmyadmin: Local File Inclusion via XXE-injection (CVE-2011-4107)

2012-01-19 Thread Thijs Kinkhorst
fixed 656247 4:3.4.7.1-1
thanks

On Tue, January 17, 2012 20:11, Henri Salo wrote:
> Package: phpmyadmin
> Version: 4:3.3.7-6
> Severity: normal
>
> Vulnerability in phpmyadmin in squeeze has been exploited wildly in
> public. Spion from #debian-security asked this to be handled quickly.

I will provide an update to stable later today.
Marking bug as fixed for wheezy/sid.


Thijs




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#656247: phpmyadmin: Local File Inclusion via XXE-injection (CVE-2011-4107)

2012-01-17 Thread Henri Salo
Package: phpmyadmin
Version: 4:3.3.7-6
Severity: normal

Vulnerability in phpmyadmin in squeeze has been exploited wildly in public. 
Spion from #debian-security asked this to be handled quickly.

Tracker: http://security-tracker.debian.org/tracker/CVE-2011-4107
Exploit: http://www.exploit-db.com/exploits/18371/
OSVDB: http://osvdb.org/show/osvdb/76798

Please note that I have not validated this vulnerability and there is something 
strange going on as OSVDB has subject: libraries/import/xml.php XML Data 
Entity References Parsing Remote Information Disclosure and exploit-db is 
talking about LFI. Probably both are true. Contact me in case you need any help 
solving this issue. I can test and try to patch for example if needed. From 
MITRE's CVE-list:

==
Name: CVE-2011-4107
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
Phase: Assigned (20111018)
Category: 
Reference: FULLDISC:2002 PhpMyAdmin Arbitrary File Reading
Reference: URL:http://seclists.org/fulldisclosure/2011/Nov/21
Reference: MISC:http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
Reference: MISC:http://www.wooyun.org/bugs/wooyun-2010-03185
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=751112
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
Reference: FEDORA:FEDORA-2011-15831
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
Reference: FEDORA:FEDORA-2011-15841
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
Reference: FEDORA:FEDORA-2011-15846
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
Reference: BID:50497
Reference: URL:http://www.securityfocus.com/bid/50497
Reference: OSVDB:76798
Reference: URL:http://osvdb.org/76798
Reference: SECUNIA:46447
Reference: URL:http://secunia.com/advisories/46447
Reference: XF:phpmyadmin-xml-info-disclosure(71108)
Reference: URL:http://xforce.iss.net/xforce/xfdb/71108

The simplexml_load_string function in the XML import plug-in
(libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and
3.3.x before 3.3.10.5 allows remote authenticated users to read
arbitrary files via XML data containing external entity references,
aka an XML external entity (XXE) injection attack.


Current Votes:
None (candidate not yet proposed)
==

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages phpmyadmin depends on:
ii  dbconfig-common        1.8.46+squeeze.0  common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  libapache2-mod-php5    5.3.3-7+squeeze3  server-side, HTML-embedded scripti
ii  libjs-mootools         1.2.4.0~debian1-1 compact JavaScript framework
ii  perl                   5.10.1-17squeeze2 Larry Wall's Practical Extraction
ii  php5                   5.3.3-7+squeeze3  server-side, HTML-embedded scripti
ii  php5-cgi               5.3.3-7+squeeze3  server-side, HTML-embedded scripti
ii  php5-mcrypt            5.3.3-7+squeeze3  MCrypt module for php5
ii  php5-mysql             5.3.3-7+squeeze3  MySQL module for php5
ii  ucf                    3.0025+nmu1       Update Configuration File: preserv

Versions of packages phpmyadmin recommends:
ii  apache2                2.2.16-6+squeeze4 Apache HTTP Server metapackage
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze4 Apache HTTP Server - traditional n
ii  mysql-client           5.1.49-3          MySQL database client (metapackage
ii  mysql-client-5.1 [mysq 5.1.49-3          MySQL database client binaries
ii  php5-gd                5.3.3-7+squeeze3  GD module for php5

Versions of packages phpmyadmin suggests:
pn  mysql-server           <none>            (no description available)

-- debconf information excluded
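
An added example, not part of the original report and not phpMyAdmin's or Debian's code: one way to call simplexml_load_string on untrusted import data so that external entity references of the kind named in the CVE description are never resolved. The function name parse_untrusted_xml and both sample documents are hypothetical and constructed for illustration; the code assumes PHP 7 or later with the SimpleXML and DOM extensions.

```php
<?php
// Added example; parse_untrusted_xml() and both samples are hypothetical.

function parse_untrusted_xml(string $data): SimpleXMLElement
{
    // PHP < 8.0 may link a libxml2 that loads external entities by default,
    // so switch the loader off for this parse. PHP 8.0+ requires
    // libxml2 >= 2.9, where loading is off by default and this call is deprecated.
    $previous = null;
    if (PHP_VERSION_ID < 80000) {
        $previous = libxml_disable_entity_loader(true);
    }
    $oldErrors = libxml_use_internal_errors(true);
    try {
        // LIBXML_NONET blocks network fetches. LIBXML_NOENT and
        // LIBXML_DTDLOAD are deliberately not passed: they re-enable
        // entity substitution and external DTD loading.
        $xml = simplexml_load_string($data, 'SimpleXMLElement', LIBXML_NONET);
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($oldErrors);
        if ($previous !== null) {
            libxml_disable_entity_loader($previous);
        }
    }
    if ($xml === false) {
        throw new InvalidArgumentException('input is not well-formed XML');
    }
    // Import data needs no DTD, so refuse any document that carries one.
    if (dom_import_simplexml($xml)->ownerDocument->doctype !== null) {
        throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
    }
    return $xml;
}

// Constructed sample input; the entity target is a placeholder path.
$samples = [
    'plain'   => '<?xml version="1.0"?><export><note>demo</note></export>',
    'withDtd' => '<?xml version="1.0"?><!DOCTYPE export [<!ENTITY ref SYSTEM '
               . '"file:///placeholder/not-a-real-path">]><export><note>&ref;</note></export>',
];
foreach ($samples as $name => $doc) {
    try {
        parse_untrusted_xml($doc);
        echo "$name: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

The DOCTYPE check runs on the parsed document rather than on the raw bytes, so it does not depend on the input's character encoding.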






Bug#656247: phpmyadmin: Local File Inclusion via XXE-injection (CVE-2011-4107)

2012-01-17 Thread Henri Salo
tags security
severity critical


