Bug 661335 (CVE-2010-4480)

Summary: CVE-2010-4480 phpMyAdmin: XSS vulnerability via crafted BBCode tag in error.php
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jlieskov, mmcgrath, redhat-bugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-30 06:09:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 662367    
Bug Blocks:    

Description Vincent Danen 2010-12-08 15:38:29 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4480 to
the following vulnerability:

Name: CVE-2010-4480
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480
Assigned: 20101207
Reference: EXPLOIT-DB:15699
Reference: URL: http://www.exploit-db.com/exploits/15699
Reference: VUPEN:ADV-2010-3133
Reference: URL: http://www.vupen.com/english/advisories/2010/3133

error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to
conduct cross-site scripting (XSS) attacks via a crafted BBcode tag
containing "@" characters, as demonstrated using "[a@url@page]".


No new version of phpMyAdmin is available as of yet, but the following looks like the relevant commit to fix this issue:

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=aa6fec0532a9dd48d4e35831c1b1c9785c124dd7
Comment 1 Vincent Danen 2010-12-12 04:20:38 UTC 
The upstream advisory is here:

http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php
Comment 2 Vincent Danen 2010-12-12 04:27:30 UTC 
Created phpMyAdmin tracking bugs for this issue

Affects: fedora-all [bug 662367]
Comment 3 Robert Scheck 2011-05-29 20:54:24 UTC 
May somebody please close this report? phpMyAdmin 3.3.10 is on all active
Fedora and EPEL branches available that have PHP >= 5.2.
Comment 4 Jan Lieskovsky 2011-05-30 06:09:03 UTC 
(In reply to comment #3)
> May somebody please close this report? phpMyAdmin 3.3.10 is on all active
> Fedora and EPEL branches available that have PHP >= 5.2.

Done. Thanks Robert.