[Bug 392324] Re: CVE-2009-1285: Insufficient output sanitizing when generating configuration file
derRichard
richard-ubuntu at nod.at
Mon Oct 26 01:11:37 UTC 2009
This bug seems still exploitable.
A friend of mine has PhpMyAdmin-4:3.1.2-1ubuntu0.1 running on Ubuntu 9.04 and got hacked today.
After some time i found the exploit.
It used this issue to break in:
http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php
The security update for the issue contains only this patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342
But NOT:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12342&r2=12341&pathrev=12342
A review of this issue is needed.
Cheers,
//richard
--
CVE-2009-1285: Insufficient output sanitizing when generating configuration file
https://bugs.launchpad.net/bugs/392324
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list