Ubuntu
phpmyadmin package

[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising

Bug #227283 reported by disabled.user
260
Affects Status Importance Assigned to Milestone
phpmyadmin (Ubuntu)
Fix Released
High
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Feisty
Won't Fix
Undecided
Unassigned
Gutsy
Won't Fix
Undecided
Unassigned
Hardy
Fix Released
High
William Grant
Intrepid
Fix Released
High
Unassigned

Bug Description

Binary package hint: phpmyadmin

References:
DSA-1557-1 (http://www.debian.org/security/2008/dsa-1557)

Quoting:
"CVE-2008-1924

    Attackers with CREATE table permissions were allowed to read
    arbitrary files readable by the webserver via a crafted
    HTTP POST request.

CVE-2008-1567

    The PHP session data file stored the username and password of
    a logged in user, which in some setups can be read by a local
    user."

Note: CVE-2008-1149 has been treated in Bug #198745.

CVE References

Revision history for this message
Emanuele Gentili (emgent) wrote :

for intrepid, sync requested in Bug #227261

Daniel Hahler (blueyed)
Changed in phpmyadmin:
importance: Undecided → High
status: New → Triaged
William Grant (wgrant)
Changed in phpmyadmin:
status: Triaged → Fix Released
assignee: nobody → wgrant
importance: Undecided → High
status: New → In Progress
Revision history for this message
William Grant (wgrant) wrote :

These are PMASA-2008-[23] respectively. I'm working on it for Hardy.

Patches at http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11205, http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11175.

Revision history for this message
William Grant (wgrant) wrote :
Jamie Strandboge (jdstrand)
Changed in phpmyadmin:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package phpmyadmin - 4:2.11.3-1ubuntu1.1

---------------
phpmyadmin (4:2.11.3-1ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: sensitive data in session files, reading of arbitrary
    files by users with the CREATE privilege. (LP: #227283)
    - debian/patches/051_CVE-2008-1567.dpatch: Add. Don't save sensitive
      information in session files. Patch from upstream SVN.
    - debian/patches/052_CVE-2008-1924.dpatch: Add. Confirm that the upload
      directory is set. Patch from upstream SVN.
    - References:
      + CVE-2008-1567
      + CVE-2008-1924
      + PMASA-2008-2
      + PMASA-2008-3

 -- William Grant <email address hidden> Fri, 30 May 2008 18:43:32 +1000

Changed in phpmyadmin:
status: Fix Committed → Fix Released
Revision history for this message
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in phpmyadmin:
status: New → Won't Fix
Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in phpmyadmin (Ubuntu Gutsy):
status: New → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in phpmyadmin (Ubuntu Dapper):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.