phpMyAdmin Multiple Vulnerabilities

Posted on Wednesday, July 06, 2011 @ 03:17:32 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA45139

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45139/

CRITICALITY: Highly Critical

RELEASE DATE: 2011-07-06

DESCRIPTION: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious (authenticated) users to disclose sensitive information, and by both malicious users and unauthenticated malicious people to compromise a vulnerable system. The vulnerabilities are reported in versions prior to 3.3.10.2 and 3.4.3.1.

1) An error within the "Swekey_login()" function in libraries/auth/swekey/swekey.auth.lib.php can be exploited to overwrite session variables and e.g. inject and execute arbitrary PHP code.

2) Input passed to the "PMA_createTargetTables()" function in libraries/server_synchronize.lib.php is not properly sanitised before being passed to "preg_replace()" with the "e" modifier, which evaluates the replacement string as PHP code. This can be exploited to execute arbitrary PHP code via URL-encoded NULL bytes.

3) Input passed to the "PMA_displayTableBody()" function in libraries/display_tbl.lib.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences (local file inclusion).

NOTE: A weakness in the setup script, which could lead to arbitrary PHP code injection if session variables are overwritten, has also been reported.

SOLUTION: Update to version 3.3.10.2 or 3.4.3.1.
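Because the fix shipped on two branches (3.3.10.2 and 3.4.3.1), a naive "version < newest fix" check would wrongly flag the patched 3.3.10.2 as vulnerable. The script below is an added example, not part of the Secunia advisory or of phpMyAdmin itself: it reads the version out of a phpMyAdmin source tree and compares it branch by branch. It assumes the version is declared as PMA_VERSION in libraries/Config.class.php (an assumption about the 3.x layout); the sample config line is constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Check a phpMyAdmin version against the fixes named in SA45139.

Added example; not code from Secunia or the phpMyAdmin project.
"""
import re
import sys
from typing import Tuple

# Fixed releases from the advisory, one per maintained branch.  The fifth
# element marks a final release (1) versus a pre-release (0), see parse_version().
FIXED_3_3 = (3, 3, 10, 2, 1)
FIXED_3_4 = (3, 4, 3, 1, 1)

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\w+))?$")

# ASSUMPTION: phpMyAdmin 3.x sets its version in libraries/Config.class.php
# with a call such as  $this->set('PMA_VERSION', '3.4.3');
_PMA_VERSION_RE = re.compile(r"""PMA_VERSION['"]\s*,\s*['"]([^'"]+)['"]""")

# Constructed sample of that line, used so the example runs offline.
SAMPLE_CONFIG = "$this->set('PMA_VERSION', '3.4.3');\n"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.4.3.1' or '3.4.3-rc1' into a comparable tuple.

    Numeric parts are padded to four components.  A trailing 1 marks a final
    release and a 0 a pre-release, so '3.4.3.1-rc1' sorts below '3.4.3.1'
    (a release candidate predates the final, fixed build).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4]) + ((0,) if m.group(2) else (1,))


def is_vulnerable(version: str) -> bool:
    """True if this version predates the fix on its own branch.

    3.4.x is compared against 3.4.3.1; everything older (3.3.x and earlier
    branches) against 3.3.10.2.  Anything at or above 3.4.3.1 is fixed.
    """
    v = parse_version(version)
    if v[:2] >= (3, 4):
        return v < FIXED_3_4
    return v < FIXED_3_3


def extract_version(config_source: str) -> str:
    """Pull the PMA_VERSION string out of Config.class.php source text."""
    m = _PMA_VERSION_RE.search(config_source)
    if not m:
        raise ValueError("PMA_VERSION not found in supplied source")
    return m.group(1)


def main(argv) -> int:
    # Usage: pma_check.py [path/to/libraries/Config.class.php]
    # Without a path the constructed sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE_CONFIG
    version = extract_version(source)
    verdict = "VULNERABLE (update to 3.3.10.2 / 3.4.3.1)" if is_vulnerable(version) else "fixed"
    print(f"phpMyAdmin {version}: {verdict}")
    return 1 if is_vulnerable(version) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The branch split is the point of the check: 3.3.10.2 is fixed even though it is numerically below 3.4.3.1, while 3.4.0 through 3.4.3 are vulnerable even though they are above 3.3.10.2. Pre-release tags are treated as older than the matching final version, so a 3.4.3.1-rc build is still reported as vulnerable.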

PROVIDED AND/OR DISCOVERED BY: The vendor credits Frans Pehrson, Xxor AB.

ORIGINAL ADVISORY:
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php