Vulnerabilities > CVE-2008-7252 - Cryptographic Issues vulnerability in PHPmyadmin
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_0_PHPMYADMIN-091209.NASL description The use of unserialize() on POST data which could have lead to remote code execution (CVE-2009-4605) has been fixed as well as some minor temporary file issues (CVE-2008-7251, CVE-2008-7252). last seen 2020-06-01 modified 2020-06-02 plugin id 44044 published 2010-01-18 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44044 title openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update phpMyAdmin-1801. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44044); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2008-7251", "CVE-2008-7252", "CVE-2009-4605"); script_name(english:"openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801)"); script_summary(english:"Check for the phpMyAdmin-1801 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The use of unserialize() on POST data which could have lead to remote code execution (CVE-2009-4605) has been fixed as well as some minor temporary file issues (CVE-2008-7251, CVE-2008-7252)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=559569" ); script_set_attribute( attribute:"solution", value:"Update the affected phpMyAdmin package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:phpMyAdmin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"phpMyAdmin-2.11.9.6-0.3") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2034.NASL description Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions. - CVE-2008-7252 phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation. - CVE-2009-4605 The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery. last seen 2020-06-01 modified 2020-06-02 plugin id 45556 published 2010-04-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45556 title Debian DSA-2034-1 : phpmyadmin - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2034. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(45556); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2008-7251", "CVE-2008-7252", "CVE-2009-4605"); script_bugtraq_id(37826); script_xref(name:"DSA", value:"2034"); script_name(english:"Debian DSA-2034-1 : phpmyadmin - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions. - CVE-2008-7252 phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation. - CVE-2009-4605 The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-7251" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-7252" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-4605" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2010/dsa-2034" ); script_set_attribute( attribute:"solution", value: "Upgrade the phpmyadmin package. For the stable distribution (lenny), these problems have been fixed in version phpmyadmin 2.11.8.1-5+lenny4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:phpmyadmin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"phpmyadmin", reference:"2.11.8.1-5+lenny4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201201-01.NASL description The remote host is affected by the vulnerability described in GLSA-201201-01 (phpMyAdmin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details. Impact : Remote attackers might be able to insert and execute PHP code, include and execute local PHP files, or perform Cross-Site Scripting (XSS) attacks via various vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 57433 published 2012-01-05 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57433 title GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 37826 CVE ID: CVE-2008-7251,CVE-2008-7252 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin在创建临时目录时使用了完全可写的权限,在创建临时文件时使用了可预测的文件名。本地或远程攻击者可以非授权修改文件,或通过符号链接攻击获得权限提升。 phpMyAdmin 2.11.x 厂商补丁: phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528 |
| id | SSV:18960 |
| last seen | 2017-11-19 |
| modified | 2010-01-19 |
| published | 2010-01-19 |
| reporter | Root |
| title | phpMyAdmin创建不安全文件和目录漏洞 |
References
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
- http://secunia.com/advisories/38211
- http://secunia.com/advisories/39503
- http://www.debian.org/security/2010/dsa-2034
- http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php
- http://www.securityfocus.com/bid/37826
- http://www.vupen.com/english/advisories/2010/0910