phpMyAdmin register_globals Emulation $import_blacklist Variable Overwrite

2005-12-07T09:33:25
ID OSVDB:21508
Type osvdb
Reporter Stefan Esser(sesser@hardened-php.net)
Modified 2005-12-07T09:33:25

Description

Vulnerability Description

phpMyAdmin contains a flaw that may allows a variety of attacks, including cross site scripting, as well as local and remote file inclusion. This flaw exists because the application does not validate the $import_blacklist variable upon submission to numerous scripts. This may allow an attacker to overwrite the variable thus bypassing the security restrictions in place to maintain register_globals emulation. Once this variable has been manipulated, several scripts could then be used to conduct further attacks.

Solution Description

Upgrade to version 2.7.0-p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpMyAdmin contains a flaw that may allows a variety of attacks, including cross site scripting, as well as local and remote file inclusion. This flaw exists because the application does not validate the $import_blacklist variable upon submission to numerous scripts. This may allow an attacker to overwrite the variable thus bypassing the security restrictions in place to maintain register_globals emulation. Once this variable has been manipulated, several scripts could then be used to conduct further attacks.

References:

Vendor URL: http://www.phpmyadmin.net Vendor Specific News/Changelog Entry: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 Vendor Specific Advisory URL Secunia Advisory ID:17925 Secunia Advisory ID:17957 Secunia Advisory ID:18618 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200512-03.xml Other Advisory URL: http://www.hardened-php.net/advisory_252005.110.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0247.html CVE-2005-4079 Bugtraq ID: 15761