phpMyAdmin database_interface.lib.php Local File Inclusion

2005-02-24T08:27:54
ID OSVDB:14095
Type osvdb
Reporter OSVDB
Modified 2005-02-24T08:27:54

Description

Vulnerability Description

phpMyAdmin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to database_interface.lib.php not properly sanitizing user input supplied to the cfg[Server][extension] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

The call to "require_once" passes the absolute path './libraries/dbi/' before the variable is involved.

Solution Description

Upgrade to version 2.6.1-pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpMyAdmin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to database_interface.lib.php not properly sanitizing user input supplied to the cfg[Server][extension] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[victim]/[DIR]/libraries/database_interface.lib.php?cfg[Server][extension]=cXIb8O3

References:

Vendor URL: http://www.phpmyadmin.net/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:14469 Secunia Advisory ID:14382 Related OSVDB ID: 14094 Related OSVDB ID: 14096 Related OSVDB ID: 14099 Related OSVDB ID: 14098 Related OSVDB ID: 14100 Related OSVDB ID: 14101 Related OSVDB ID: 14097 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200503-07.xml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0455.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0437.html CVE-2005-0567