--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-35
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date: 18 Sep 2008
Last revised: 18 Sep 2008

Package: phpmyadmin

Summary: Code execution vulnerability

More information:
   phpMyAdmin is a tool written in PHP intended to handle the
   administration of MySQL over the Web.
   The server_databases.php script was vulnerable to an attack by a user
   who is already logged on to phpMyAdmin, allowing that user to execute
   shell code (if the PHP configuration permits commands like exec).
   (PMASA-2008-7)

Affected Products:
 - Turbolinux Appliance Server 3.0 x64 Edition
 - Turbolinux Appliance Server 3.0

<Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.src.rpm
      3118986 acfc18e7b83f167994a9a2433807f4b5

   Binary Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.noarch.rpm
      4441721 8633d63f23dc77e62df171ad93a5fd3b

<Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.src.rpm
      3118986 acfc18e7b83f167994a9a2433807f4b5

   Binary Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.noarch.rpm
      4443843 6bfed825c227adbd8012154964438315
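
Added example (not part of the Turbolinux advisory): a Python check of a downloaded package against the size and MD5 listed above. The function names are this example's own; because the noarch package has a different size and digest for each product, the product name is part of the lookup key.

```python
import hashlib
import os
import re

# Listing copied from the advisory; parse_listing/verify are example names.
ADVISORY = """\
<Turbolinux Appliance Server 3.0 x64 Edition>
phpmyadmin-2.11.9.1-1.src.rpm
3118986 acfc18e7b83f167994a9a2433807f4b5
phpmyadmin-2.11.9.1-1.noarch.rpm
4441721 8633d63f23dc77e62df171ad93a5fd3b
<Turbolinux Appliance Server 3.0>
phpmyadmin-2.11.9.1-1.src.rpm
3118986 acfc18e7b83f167994a9a2433807f4b5
phpmyadmin-2.11.9.1-1.noarch.rpm
4443843 6bfed825c227adbd8012154964438315
"""

def parse_listing(text):
    """Return {(product, filename): (size_bytes, md5_hex)}.
    Lines that are not a product, a filename or a size/MD5 pair are skipped."""
    entries, product, filename = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("<") and line.endswith(">"):
            product = line[1:-1]
        elif line.endswith(".rpm"):
            filename = line
        else:
            m = re.fullmatch(r"(\d+)\s+([0-9a-f]{32})", line)
            if m and product and filename:
                entries[(product, filename)] = (int(m.group(1)), m.group(2))
                filename = None
    return entries

def verify(path, product, entries):
    """Check one downloaded file against the entry listed for `product`."""
    expected = entries.get((product, os.path.basename(path)))
    if expected is None:
        return "not listed"
    if os.path.getsize(path) != expected[0]:
        return "size mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == expected[1] else "md5 mismatch"
```

An MD5 match detects a corrupted or truncated download but MD5 is not collision resistant, so the listed values are only as trustworthy as the channel the advisory itself arrived over.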

References:

   phpMyAdmin security announcement
   [PMASA-2008-7]
   http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7

   CVE
   [CVE-2008-4096]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096

--------------------------------------------------------------------------
Revision History
18 Sep 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.