Description of problem: Insufficient output sanitizing when generating configuration file, see: http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php Version-Release number of selected component (if applicable): For 2.11.x: versions before 2.11.9.5. For 3.x: versions before 3.1.3.1. -> Affects all active Fedora and EPEL branches.
phpMyAdmin-3.1.3.1-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/phpMyAdmin-3.1.3.1-1.fc9
phpMyAdmin-3.1.3.1-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/phpMyAdmin-3.1.3.1-1.fc10
1822 (phpMyAdmin): Build on target fedora-4-epel succeeded. 1821 (phpMyAdmin): Build on target fedora-5-epel succeeded. Package: phpMyAdmin-3.1.3.1-1.fc9 Tag: dist-f9-updates-candidate Status: complete Built by: robert Package: phpMyAdmin-3.1.3.1-1.fc10 Tag: dist-f10-updates-candidate Status: complete Built by: robert Package: phpMyAdmin-3.1.3.1-1.fc11 Tag: dist-f11 Status: complete Built by: robert
There are actually 3 PMASAs for security issues fixed in 3.1.3.1 and 2.11.9.5: HTTP Response Splitting and file inclusion vulnerability. http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12303 Cross-site scripting on export page using cookies http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12302 Insufficient output sanitizing when generating configuration file. http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12301
phpMyAdmin-3.1.3.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.1.3.1-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1148 to the following vulnerability: Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1148 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303 http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php ------------------------------------------------------------------------- Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1149 to the following vulnerability: CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1149 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303 http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php -------------------------------------------------------------------------- Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1150 to the following vulnerability: Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986&r2=12302&pathrev=12302 http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php ---------------------------------------------------------------------------- Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1151 to the following vulnerability: Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
Any reason to keep this bug report still open? The packages have been reached the repositories, I would say and all active branches are covered with fixes.