=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN360
_____________________________________________________________________

DATE                      : 17/09/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running phpMyAdmin for TYPO3.

======================================================================
http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/
______________________________________________________________________

TYPO3 Security Bulletin TYPO3-20080916-1: Code execution vulnerability
in extension phpMyAdmin (phpmyadmin)

Component Type: Third party extension. This extension is not a part of
the TYPO3 default installation.

Affected Versions: Version 3.2.0 and all versions below

Vulnerability Type: Code execution vulnerability

Severity: HIGH


Problem Description: Failing to filter user input the extension is
susceptible to Code exection making it possible to execute arbitrary
Shell Code.

Solution: An updated version 3.3.0 is available from the TYPO3 extension
manager and at 
http://typo3.org/extensions/repository/view/phpmyadmin/3.3.0/. Users of
the extension are advised to update the extension as soon as possible.

General advice: Follow the recommendations that are given in the TYPO3
Security Cookbook. Please subscribe to the typo3-announce mailing list
to receive future Security Bulletins via E-mail.

Credits: The issue in phpMyAdmin was originally found by Norman Hippert. 
Furthermore the TYPO3 Security Team wishes to thank the extension
maintainer Andreas Kundoch for fixing the issue by upgrading phpMyAdmin
to the latest stable version.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================