Bug 557307 (CVE-2008-7251, CVE-2008-7252, CVE-2009-4605)

Summary: CVE-2008-7251 CVE-2008-7252 CVE-2009-4605 phpMyAdmin 2.x multiple vulnerabilities
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mmcgrath, redhat-bugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7251
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-29 11:19:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vincent Danen 2010-01-20 23:28:18 UTC 
Common Vulnerabilities and Exposures assigned the identifiers CVE-2008-7251, CVE-2008-7252, and CVE-2009-4605 to the following vulnerabilities:

Name: CVE-2008-7251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7251
Assigned: 20100112
Reference: CONFIRM: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11536&r2=11535&pathrev=11536
Reference: CONFIRM: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
Reference: CONFIRM: http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
Reference: BID:37826
Reference: URL: http://www.securityfocus.com/bid/37826
Reference: SECUNIA:38211
Reference: URL: http://secunia.com/advisories/38211

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a
temporary directory with 0777 permissions, which has unknown impact
and attack vectors.

Name: CVE-2008-7252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7252
Assigned: 20100112
Reference: CONFIRM: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528
Reference: CONFIRM: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
Reference: CONFIRM: http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php
Reference: BID:37826
Reference: URL: http://www.securityfocus.com/bid/37826
Reference: SECUNIA:38211
Reference: URL: http://secunia.com/advisories/38211

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses
predictable filenames for temporary files, which has unknown impact
and attack vectors.


Name: CVE-2009-4605
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4605
Assigned: 20100112
Reference: CONFIRM: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149
Reference: CONFIRM: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
Reference: CONFIRM: http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
Reference: SECUNIA:38211
Reference: URL: http://secunia.com/advisories/38211

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before
2.11.10 calls the unserialize function on the values of the (1)
configuration and (2) v[0] parameters, which might allow remote
attackers to conduct cross-site request forgery (CSRF) attacks via
unspecified vectors.


Please note that none of these issues affect phpMyAdmin 3.x and as a result Fedora is not affected by these issues.  Current EPEL contains phpMyAdmin 2.11.9 and is affected by these issues.
Comment 1 Robert Scheck 2010-01-21 07:10:33 UTC 
Vincent, thanks for pointing me to this.

So if I apply all three diffs as patches to EPEL 4 and 5, we're fine and
secure again?
Comment 2 Vincent Danen 2010-01-21 15:15:57 UTC 
Yes, but since EPEL has 2.11.9 and 2.11.10 fixes it, it probably makes more sense to do a version bump to the newer 2.11.10 version.
Comment 3 Robert Scheck 2010-01-21 15:58:54 UTC 
Urgs...I didn't realize that something > 2.11.9 has been released at all. Then
an update to the latest version will solve this. I'll prepare that update this 
evening.
Comment 4 Fedora Update System 2010-01-21 20:11:20 UTC 
phpMyAdmin-2.11.10-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/phpMyAdmin-2.11.10-1.el5
Comment 5 Fedora Update System 2010-01-21 20:11:30 UTC 
phpMyAdmin-2.11.10-1.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/phpMyAdmin-2.11.10-1.el4
Comment 6 Fedora Update System 2010-02-09 03:56:18 UTC 
phpMyAdmin-2.11.10-1.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2010-02-09 03:56:28 UTC 
phpMyAdmin-2.11.10-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.