OSVDB ID: 21508

Title: phpMyAdmin register_globals Emulation $import_blacklist Variable Overwrite

Info

Disclosure

Dec 07, 2005

Discovery

Dec 06, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

phpMyAdmin contains a flaw that may allows a variety of attacks, including cross site scripting, as well as local and remote file inclusion. This flaw exists because the application does not validate the $import_blacklist variable upon submission to numerous scripts. This may allow an attacker to overwrite the variable thus bypassing the security restrictions in place to maintain register_globals emulation. Once this variable has been manipulated, several scripts could then be used to conduct further attacks.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Upgrade
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 2.7.0-p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

phpMyAdmin Development Team

phpMyAdmin

2.7.0

References

Bugtraq ID: 15761
Secunia Advisory ID: 17925 17957 18618
CVE ID: 2005-4079 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0247.html
Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jan/0006.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200512-03.xml
http://www.hardened-php.net/advisory_252005.110.html
Vendor URL: http://www.phpmyadmin.net
Vendor Specific News/Changelog Entry: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

Credit

Stefan Esser - sesserhardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/21508