=====================================================================
CERT-Renater Information Note No. 2005/VULN660
_____________________________________________________________________

DATE                  : 24/10/2005
HARDWARE PLATFORM(S)  : /
OPERATING SYSTEM(S)   : Systems running phpMyAdmin prior to 2.6.4-pl3.
======================================================================

phpMyAdmin security announcement                          PMASA-2005-5

Announcement-ID: PMASA-2005-5

Date: 2005-10-22

Summary:

(1) Local file inclusion vulnerability and (2) Cross-Site Scripting vulnerability

Description:

We received a security advisory from Stefan Esser (sesser@hardened-php.net) about (1).
We received a security advisory from Tobias Klein (tk@trapkit.de) about (2).
We wish to thank both of them for their work.

(1): Because of the order in which some scripts process form parameters, a specially crafted form could overwrite configuration parameters; an attacker who controls configuration values that are later used to build include paths can make the application include a local file.

(2): Some scripts were vulnerable to XSS attacks: left.php, queryframe.php and server_databases.php.

Severity:

We consider these vulnerabilities to be serious. However, (1) can be exploited only on systems where PHP is not running in safe mode (unless a deliberate hole was opened by adding paths that contain sensitive data to open_basedir).

Affected versions:

We did not verify this extensively; probably all previous versions.

Solution:

Upgrade to phpMyAdmin 2.6.4-pl3 or newer.

References:

For (1): http://www.hardened-php.net/advisory_162005.73.html

For further information and in case of questions, please contact the phpMyAdmin team.
Our website is http://www.phpmyadmin.net/.
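The following PHP script is an added illustration of the bug class behind (1); it is not phpMyAdmin's code and is not taken from either advisory. It models a register_globals emulation layer that copies request parameters into the global namespace, where the list of protected names and the $cfg array live in that same namespace. The identifiers $cfg, $import_blacklist, $theme and ThemePath, the request payload and the directory names are this example's own assumptions. The vulnerable version checks names against a blacklist that a crafted request can replace first, so the configuration array is imported afterwards and an include path built from it ends up attacker-controlled; the hardened version fixes the ordering (a fixed protected list that protects itself and the configuration, enforced before any assignment, with the configuration reloaded from disk after the import) and confines the theme name with a whitelist.

```php
<?php
// Added example, not phpMyAdmin's own code: a register_globals emulation layer
// showing the parameter-ordering bug class described in PMASA-2005-5.
// All identifiers ($cfg, $import_blacklist, $theme, ThemePath) are assumptions
// made for this illustration, not names taken from the advisory.

// Configuration as a real config file would define it (constructed value).
function load_config(): array {
    return ['ThemePath' => './themes'];
}

// VULNERABLE ORDERING: the blacklist is read from the very globals being
// written to, and 'import_blacklist' is not itself protected. Parameters are
// processed in request order, so a request that sends import_blacklist first
// empties the list before 'cfg' is examined, and 'cfg' is then imported too.
function vulnerable_import(array $request, array &$globals): void {
    foreach ($request as $name => $value) {
        $blacklist = $globals['import_blacklist'];   // re-read every iteration
        if (in_array($name, $blacklist, true)) {
            continue;
        }
        $globals[$name] = $value;
    }
}

// HARDENED ORDERING: the protected list is fixed before any request data is
// touched; it protects itself, the configuration and PHP's superglobals; and
// the configuration is reloaded from disk after the import, so a smuggled
// 'cfg' parameter cannot survive to the include sink below.
function hardened_import(array $request, array &$globals): void {
    $protected = ['cfg', 'import_blacklist', 'GLOBALS', '_SERVER', '_ENV',
                  '_FILES', '_COOKIE', '_REQUEST', '_GET', '_POST', '_SESSION'];
    foreach ($request as $name => $value) {
        if (in_array($name, $protected, true)) {
            continue;
        }
        $globals[$name] = $value;
    }
    $globals['cfg'] = load_config();
}

// Builds the path a theme loader would hand to include(). With an untrusted
// ThemePath or an unchecked $theme this is a local file inclusion sink; the
// whitelist on $theme rejects '../', '/' and null bytes in the theme name.
function theme_include_path(array $globals): string {
    $theme = $globals['theme'] ?? 'original';
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $theme)) {
        $theme = 'original';
    }
    return $globals['cfg']['ThemePath'] . '/' . $theme . '/layout.inc.php';
}

// Runs one import strategy against a fresh global namespace and returns the
// include path the application would use afterwards.
function simulate(callable $import, array $request): string {
    $globals = ['import_blacklist' => ['cfg'], 'cfg' => load_config()];
    $import($request, $globals);
    return theme_include_path($globals);
}

// Constructed attack request. Parameter order matters: import_blacklist must
// arrive before cfg for the vulnerable loop to accept the second parameter.
$attack = [
    'import_blacklist' => [],
    'cfg'              => ['ThemePath' => '/tmp/attacker'],
    'theme'            => 'evil',
];

echo 'vulnerable: ' . simulate('vulnerable_import', $attack) . PHP_EOL;
echo 'hardened:   ' . simulate('hardened_import', $attack) . PHP_EOL;
```

Run with `php` from the command line: the vulnerable path starts with /tmp/attacker, i.e. outside the application tree, because the crafted request replaced $cfg before the include path was built; the hardened path still starts with ./themes, since 'cfg' was never importable and the configuration was reloaded after the import, and only the whitelisted theme name came from the request. This also explains the advisory's severity note: PHP safe mode and open_basedir limit which files include() may reach, so they blunt the attack on such a sink, but they are deployment mitigations rather than a fix for the ordering bug.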
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER              | tel  : 01-53-94-20-44     +
+ 151 bd de l'Hopital       | fax  : 01-53-94-20-41     +
+ 75013 Paris               | email: certsvp@renater.fr +
=========================================================