PHPMyAdmin Insecure SQL Install Script Permissions Vulnerability
BID:13452
Info
PHPMyAdmin Insecure SQL Install Script Permissions Vulnerability
| Bugtraq ID: | 13452 |
| Class: | Configuration Error |
| CVE: |
CVE-2005-1392 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 30 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | This issue was announced by Gentoo. |
| Vulnerable: |
phpMyAdmin phpMyAdmin 2.6.2 |
| Not Vulnerable: | |
Discussion
PHPMyAdmin Insecure SQL Install Script Permissions Vulnerability
PHPMyAdmin sets insecure default permissions on the SQL install script. As a result, local attackers may gain unauthorized access to database credentials.
This issue was reported in a Gentoo advisory. It is not known if the vulnerability is limited to Gentoo installations of PHPMyAdmin.
PHPMyAdmin sets insecure default permissions on the SQL install script. As a result, local attackers may gain unauthorized access to database credentials.
This issue was reported in a Gentoo advisory. It is not known if the vulnerability is limited to Gentoo installations of PHPMyAdmin.
Exploit / POC
PHPMyAdmin Insecure SQL Install Script Permissions Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
PHPMyAdmin Insecure SQL Install Script Permissions Vulnerability
Solution:
Gentoo has released advisory GLSA 200504-30 to provide fixes for this issue. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2-r1"
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Gentoo has released advisory GLSA 200504-30 to provide fixes for this issue. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2-r1"
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHPMyAdmin Insecure SQL Install Script Permissions Vulnerability
References:
References:
- Main Vendor Homepage (OWASP)