phpMyAdmin /libraries/header_meta_style.inc.php Direct Request Path Disclosure

2005-02-22T17:03:03
ID OSVDB:14379
Type osvdb
Reporter cxib8o3(cxib8o3@users.sourceforge.net)
Modified 2005-02-22T17:03:03

Description

Vulnerability Description

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /libraries/header_meta_style.inc.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Technical Description

This only affects installations with the "display_errors" option set to 1.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/phpMyAdmin/libraries/header_meta_style.inc.php

Fatal error: Call to undefined function: pma_setfontsizes() in /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/header_meta_style.inc.php on line 9
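
Added example (not part of the original OSVDB entry or of phpMyAdmin): a Python check a defender can run over captured response bodies to flag the PHP error format shown above and extract the disclosed path. SAMPLE_HTML is a constructed variant that assumes PHP's html_errors formatting; the function and variable names are hypothetical.

```python
import re
from html import unescape

# PHP reports errors as "<level>: <message> in <file> on line <n>".
# With html_errors on, the level, file and line are wrapped in <b> tags.
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice):\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<file>(?:/|[A-Za-z]:\\).+?)\s+on line\s+(?P<line>\d+)"
)

# Error text quoted in the entry above.
SAMPLE_PLAIN = (
    "Fatal error: Call to undefined function: pma_setfontsizes() in "
    "/usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/"
    "header_meta_style.inc.php on line 9"
)
# Constructed sample: the same error as rendered with html_errors enabled.
SAMPLE_HTML = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function: "
    "pma_setfontsizes() in <b>/usr/local/cpanel/base/3rdparty/phpMyAdmin/"
    "libraries/header_meta_style.inc.php</b> on line <b>9</b><br />\n"
)


def find_path_disclosures(body):
    """Return one dict per PHP error in body that leaks a filesystem path."""
    # Strip markup first so the plain and HTML renderings parse identically.
    text = unescape(_TAGS.sub("", body))
    return [
        {"level": m["level"], "message": m["message"],
         "file": m["file"], "line": int(m["line"])}
        for m in _PHP_ERROR.finditer(text)
    ]


if __name__ == "__main__":
    # The last body is what a host with display_errors off would return.
    for sample in (SAMPLE_PLAIN, SAMPLE_HTML, "<html><body>OK</body></html>"):
        print(find_path_disclosures(sample))
```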

References:

Vendor URL: http://www.phpmyadmin.net/
Vendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408
Vendor Specific Advisory URL
Secunia Advisory ID: 17578
Secunia Advisory ID: 14382
Related OSVDB ID: 14374, 14376, 14378, 14375, 14381, 14382, 14387, 14388, 14380, 14385, 14386, 14377, 14383, 14384
Other Advisory URL: http://www.fitsec.com/advisories/FS-05-02.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0446.html
Keyword: FS-05-02
CVE-2005-0544