
====================================================================

                             CERT-Renater

                  Information Note No. 2012/VULN376
____________________________________________________________________

DATE                : 25/09/2012

HARDWARE PLATFORM(S): /


OPERATING SYSTEM(S) : Systems running phpMyAdmin 3.5.x.

======================================================================
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
______________________________________________________________________


PMASA-2012-5

Announcement-ID: PMASA-2012-5

Date: 2012-09-25

Summary

One server from the SourceForge.net mirror system was distributing a
phpMyAdmin kit containing a backdoor.


Description

One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being
used to distribute a modified archive of phpMyAdmin, which includes a
backdoor. This backdoor is located in file server_sync.php and allows
an attacker to remotely execute PHP code. Another file,
js/cross_framing_protection.js, has also been modified.


Severity

We consider this vulnerability to be critical.


Affected Versions

We currently know only of phpMyAdmin-3.5.2.2-all-languages.zip being
affected; check whether your download contains a file named server_sync.php.


Solution

Check your phpMyAdmin distribution and download it again from a trusted
mirror if your copy contains a file named server_sync.php.
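A check for the indicators above, added here as an example rather than code from the phpMyAdmin project or CERT-Renater: it lists a downloaded archive, flags server_sync.php by name, reports js/cross_framing_protection.js for manual comparison against a clean copy, and optionally compares the archive's SHA-256 with a checksum you obtained from a trusted source (that hash is your own input; the advisory publishes none). The sample archives are constructed in memory for demonstration.

```python
import hashlib
import io
import zipfile
from typing import Optional

# Indicator from PMASA-2012-5: the trojaned kit carries this extra file.
BACKDOOR_FILE = "server_sync.php"
# Also modified in the trojaned kit; it cannot be judged by name alone, so it
# is reported for a manual diff against a copy from a trusted mirror.
MODIFIED_FILE = "js/cross_framing_protection.js"


def scan_archive(data: bytes, expected_sha256: Optional[str] = None) -> dict:
    """Inspect a phpMyAdmin zip (given as bytes) for the PMASA-2012-5 indicators.
    expected_sha256 is a hypothetical input: a checksum obtained out of band from
    a trusted source (the advisory publishes none). If given, it is compared too."""
    findings = {
        "backdoor_present": False,
        "suspicious_members": [],
        "review_manually": [],
        "sha256": hashlib.sha256(data).hexdigest(),
        "checksum_ok": None,
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Match on the basename so the top-level folder name does not matter.
            if name.rsplit("/", 1)[-1] == BACKDOOR_FILE:
                findings["backdoor_present"] = True
                findings["suspicious_members"].append(name)
            elif name.endswith(MODIFIED_FILE):
                findings["review_manually"].append(name)
    if expected_sha256 is not None:
        findings["checksum_ok"] = findings["sha256"] == expected_sha256.lower()
    return findings


def build_sample(trojaned: bool) -> bytes:
    """Constructed sample archive for demonstration, not a real phpMyAdmin kit."""
    buf = io.BytesIO()
    top = "phpMyAdmin-3.5.2.2-all-languages/"
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(top + "index.php", "<?php // placeholder\n")
        zf.writestr(top + MODIFIED_FILE, "// placeholder\n")
        if trojaned:
            zf.writestr(top + BACKDOOR_FILE, "<?php // placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_archive(build_sample(True)))
```

To check a real download, read the zip into bytes and pass it to scan_archive; a non-empty suspicious_members list means the kit should be discarded and fetched again from a trusted mirror.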


References

Thanks to Tencent Security Response Center for letting us know about
this issue.

Assigned CVE ids: CVE-2012-5159

CWE ids: CWE-661 CWE-95

More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
