phpMyAdmin UploadDir Function sql_localfile Parameter Arbtirary File Access

2004-12-13T10:53:19
ID OSVDB:12331
Type osvdb
Reporter Nicolas Gregoire(ngregoire@exaprobe.com)
Modified 2004-12-13T10:53:19

Description

Vulnerability Description

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered on systems where $cfg['UploadDir'] is defined and PHP safe mode is disabled. 'sql_localfile' is not properly sanatized and can be exploited by a remote malicious user by calling read_dump.php via a crafted form from the phpMyAdmin interface, which will disclose file information resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.6.1-rc1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Setting PHP safe mode to ON. If not feasible, deactivate the UploadDir mechanism.

Short Description

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered on systems where $cfg['UploadDir'] is defined and PHP safe mode is disabled. 'sql_localfile' is not properly sanatized and can be exploited by a remote malicious user by calling read_dump.php via a crafted form from the phpMyAdmin interface, which will disclose file information resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL Secunia Advisory ID:13424 Related OSVDB ID: 12330 Other Advisory URL: http://www.exaprobe.com/labs/advisories/esa-2004-1213.html Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0033.html ISS X-Force ID: 18441 Generic Informational URL: http://marc.theaimsgroup.com/?l=bugtraq&m=110295781828323&w=2 CVE-2004-1148