CVE-2005-4079 - Unspecified vulnerability in phpMyAdmin 2.7.0 rc1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2006_004.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin). Stefan Esser discovered a bug in the register_globals emulation of phpMyAdmin that allows overwriting variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665). We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above. |
last seen | 2019-10-28 |
modified | 2006-01-29 |
plugin id | 20820 |
published | 2006-01-29 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20820 |
title | SUSE-SA:2006:004: phpMyAdmin |

NASL family | CGI abuses |
NASL id | PHPMYADMIN_IMPORT_BLACKLIST_OVERWRITE.NASL |
description | The version of phpMyAdmin installed on the remote host fails to properly protect the global |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22124 |
published | 2006-07-31 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22124 |
title | phpMyAdmin import_blacklist Variable Overwriting |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200512-03.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200512-03 (phpMyAdmin: Multiple vulnerabilities). Stefan Esser from Hardened-PHP reported multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8). Impact: A remote attacker may exploit these vulnerabilities by sending malicious requests, causing the execution of arbitrary code with the rights of the user running the web server. The cross-site scripting issues allow a remote attacker to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially allowing unauthorized access to phpMyAdmin. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20312 |
published | 2005-12-15 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/20312 |
title | GLSA-200512-03 : phpMyAdmin: Multiple vulnerabilities |
Seebug
bulletinFamily | exploit |
description | BugCVE: CVE-2005-4079 BUGTRAQ: 15761. phpMyAdmin has a flaw in how it handles certain variables, which a remote attacker may exploit to execute arbitrary commands on the host. phpMyAdmin stores the blacklist of variables that must not be overwritten by the register_globals emulation layer in a global variable, but the blacklist does not include the $import_blacklist variable name itself, so an attacker can overwrite that variable. Once it is overwritten, the attacker can overwrite the $GLOBALS array with arbitrary content, leading to arbitrary code execution. phpMyAdmin phpMyAdmin 2.7/2.7.0 beta1. phpMyAdmin: the vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.7.0-pl1.tar.gz. Gentoo: Gentoo has released a security advisory (GLSA-200512-03) and the corresponding patch: GLSA-200512-03: phpMyAdmin: Multiple vulnerabilities, link: http://security.gentoo.org/glsa/glsa-200512-03.xml. All phpMyAdmin users should upgrade to the latest version: `# emerge --sync` then `# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.7.0_p1"` |
id | SSV:4335 |
last seen | 2017-11-19 |
modified | 2008-10-26 |
published | 2008-10-26 |
reporter | Root |
title | phpMyAdmin Import_Blacklist Variable Overwrite Vulnerability |
References
- http://secunia.com/advisories/17925/
- http://secunia.com/advisories/17957
- http://secunia.com/advisories/18618
- http://securityreason.com/securityalert/237
- http://www.gentoo.org/security/en/glsa/glsa-200512-03.xml
- http://www.hardened-php.net/advisory_252005.110.html
- http://www.osvdb.org/21508
- http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-9
- http://www.securityfocus.com/archive/1/418834/100/0/threaded
- http://www.securityfocus.com/archive/1/423142/100/0/threaded
- http://www.securityfocus.com/bid/15761
- http://www.vupen.com/english/advisories/2005/2792