221694 – (CVE-2007-0095) CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure

Bug 221694 (CVE-2007-0095) - CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure

Summary: CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-0095
Product:	Fedora
Classification:	Fedora
Component:	phpMyAdmin
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Mike McGrath
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-01-06 08:34 UTC by Ville Skyttä
Modified:	2007-12-10 20:47 UTC (History)
CC List:	2 users (show)
Fixed In Version:	2.11.3-1.fc7
Clone Of:
Environment:
Last Closed:	2007-12-10 20:44:51 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Proposal of a possible fix for CVE-2007-0095 (1022 bytes, patch) 2007-12-09 14:08 UTC, Robert Scheck	no flags	Details \| Diff
View All

Description Ville Skyttä 2007-01-06 08:34:35 UTC

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0095

"phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via
a direct request for themes/darkblue_orange/layout.inc.php, which reveals the
path in an error message."

FC5+ apparently affected, even though I'm not sure if this is an issue at all.

Comment 1 Jason Tibbitts 2007-01-06 17:04:53 UTC

For any Fedora installation, you know the path just from inspecting the RPM. 
But this does disclose that the site is probably run on Fedora, which could
conceivably be an issue.  Not that our Apache doesn't by default do the same
thing, but that's configurable.

So yes, this is an issue, although it's a terribly minor one.

Comment 2 Mike McGrath 2007-01-08 01:42:35 UTC

I agree with Tibbs, I'm going to keep an eye on this to see if anything more
comes of it I'll update.  Otherwise I'll wait until the next version comes out.

Comment 3 Mike McGrath 2007-01-20 10:34:35 UTC

2.9.2 is out.  Its built and should be on the mirrors soon.

Comment 4 Ville Skyttä 2007-01-20 11:03:03 UTC

It doesn't look like 2.9.2 fixes this though.

The demo server at http://pma.cihar.com/STABLE/ runs 2.9.2, but directly
requesting http://pma.cihar.com/STABLE/themes/darkblue_orange/layout.inc.php
after logging in reveals a path:

"Fatal error: Call to a member function getImgPath() on a non-object in
/srv/http/pma.cihar.com/STABLE/themes/darkblue_orange/layout.inc.php"

Comment 5 Ville Skyttä 2007-03-10 21:33:29 UTC

The demo server in comment 4 seems to have been updated to 2.10.0.2 but still
shows the same problem.

Comment 6 Tomas Hoger 2007-10-18 08:06:13 UTC

The demo server in comment 4 now advertises usage of 2.11.1.2 and the problem
still occurs.

Comment 7 Robert Scheck 2007-11-21 20:45:53 UTC

Same problem on phpMyAdmin 2.11.2.2 further on:

Fatal error: Call to a member function on a non-object in
/srv/www/phpMyAdmin/themes/darkblue_orange/layout.inc.php on line 75

Comment 8 Robert Scheck 2007-12-09 14:08:26 UTC

Created attachment 282211 [details]
Proposal of a possible fix for CVE-2007-0095

Can somebody please review this patch carefully, because upstream seems
not to be interested to solve this issue at all.

Comment 9 Fedora Update System 2007-12-10 20:44:47 UTC

phpMyAdmin-2.11.3-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2007-12-10 20:47:05 UTC

phpMyAdmin-2.11.3-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.