Linux Today: Linux News On Internet Time.
Search Linux Today
search.internet.com
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Become a Marketplace Partner

internet.commerce
Be a Commerce Partner














The Linux Channel at internet.com
Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Subscribe News
Subscribe PR
Subscribe Security

internet.com
IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

 

Current Newswire:

Extending Nautilus, Scripting Your Way To UI Bliss

Check Your Mysql Server Performance with MySQLTuner

The Growth of the Newest Kubuntu Support Option

Linux Game "System of Tomorrow" Ships in Two Weeks

Anonymous Proxy Using Squid 3 On CentOS 5.x

Install and Configure Cacti Monitoring Tool in Ubuntu 8.10 (Intrepid Ibex) Server

SimplyMEPIS: The Best Desktop Linux You Haven't Tried

Planning Extensions in TYPO3

How the Linux Kernel Manages Virtual Memory

Make Your BIOS Love Security

Sr. Developer, Backend
Professional Technical Resources
US-OR-Portland

Justtechjobs.com Post A Job | Post A Resume
:Gentoo Linux Advisory: phpMyAdmin
Gentoo Linux Advisory: phpMyAdmin
Oct 19, 2004, 15 :59 UTC (0 Talkback[s]) (2264 reads)

Gentoo Linux Security Advisory GLSA 200410-14

http://security.gentoo.org/

Severity: High
Title: phpMyAdmin: Vulnerability in MIME-based transformation system
Date: October 18, 2004
Bugs: #67409
ID: 200410-14

Synopsis

A vulnerability has been found in the MIME-based transformation system of phpMyAdmin, which may allow remote execution of arbitrary commands if PHP's "safe mode" is disabled.

Background

phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode, including using insertion of PHP or JavaScript code.

Affected packages

PackageVulnerableUnaffected
1 dev-db/phpmyadmin< 2.6.0_p2>= 2.6.0_p2

Description

A defect was found in phpMyAdmin's MIME-based transformation system, when used with "external" transformations.

Impact

A remote attacker could exploit this vulnerability to execute arbitrary commands on the server with the rights of the HTTP server user.

Workaround

Enabling PHP safe mode ("safe_mode = On" in php.ini) may serve as a temporary workaround.

Resolution

All phpMyAdmin users should upgrade to the latest version: 

    # emerge sync

    # emerge -pv ">=dev-db/phpmyadmin-2.6.0_p2"
    # emerge ">=dev-db/phpmyadmin-2.6.0_p2"

References

[ 1 ] phpMyAdmin 2.6.0_pl2 Release Announcement

http://sourceforge.net/forum/forum.php?forum_id=414281

[ 2 ] Secunia Advisory SA12813

http://secunia.com/advisories/12813/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200410-14.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0



No talkbacks posted.
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!






..............................


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft PDF: Top 11 Reasons to Upgrade to Windows Server 2008
Intel Podcast Transcript: Talking vPro
Avaya Article: Communication-Enabled Mashups: Empowering Both Business Owners and IT
Whitepaper: Building a Real-World Model to Assess Virtualization Platforms
PDF: Intel Centrino Duo Processor Technology with Intel Core2 Duo Processor
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Go Parallel Article: Q&A with a TBB Junkie
Microsoft Article: BitLocker Encryption on Windows Server 2008
Go Parallel Article: Intel Thread Checker, Meet 20 Million LOC
IBM Whitepaper: Innovative Collaboration to Advance Your Business
   Internet.com eBook: Real Life Rails
IBM eBook: The Pros and Cons of Outsourcing
Internet.com eBook: Best Practices for Developing a Web Site
IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future"
Avaya Article: Call Control XML in Action - A CCXML Auto Attendant
IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Podcast: The Pro Platform - Intel vPro Technology
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++
HP Video: Is Your Data Center Ready for a Real World Disaster?
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
HP On Demand Webcast: Virtualization in Action
Go Parallel Video: Performance and Threading Tools for Game Developers
   Rackspace Hosting Center: Customer Videos
Intel vPro Developer Virtual Bootcamp
HP Disaster-Proof Solutions eSeminar
HP On Demand Webcast: Discover the Benefits of Virtualization
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Amyuni Download: PDF & XPS Engine for Your .NET and ActiveX Applications
Acresso Download: Try InstallShield 2009
Microsoft Download: Silverlight 2 SDK
30-Day Trial: SPAMfighter Exchange Module
   Red Gate Download: SQL Toolbelt
Iron Speed Designer Application Generator
Microsoft Download: Silverlight 2 Developer Runtime (Windows)
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Demo: Dual-Core Intel Itanium 2 Processor
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage
   Microsoft Article: Making Designer/Developer Collaboration a Reality
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES