security alert
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
|
|||||||
$Id$
|
$Id$
|
||||||
$Source$
|
$Source$
|
||||||
|
|
||||||
|
2004-06-30 Marc Delisle <lem9@users.sourceforge.net>
|
||||||
|
* left.php: fix against security alert, thanks to Garvin
|
||||||
|
|
||||||
2004-06-30 Alexander M. Turek <me@derrabus.de>
|
2004-06-30 Alexander M. Turek <me@derrabus.de>
|
||||||
* libraries/common.lib.php: Fix against $_REQUEST['cfg'] exploits.
|
* libraries/common.lib.php: Fix against $_REQUEST['cfg'] exploits.
|
||||||
|
|
||||||
|
@@ -3766,6 +3766,41 @@ To create a new, empty mimetype please see libraries/transformations/template_ge
|
|||||||
<br /><br />
|
<br /><br />
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
<h4>
|
||||||
|
[8.2] Security alert, dated 2004-06-29.
|
||||||
|
</h4>
|
||||||
|
<p>
|
||||||
|
Last update of this FAQ: 2004-06-30.
|
||||||
|
<br /><br />
|
||||||
|
The phpMyAdmin development team received notice of this security alert:
|
||||||
|
<a href="http://securityfocus.com/archive/1/367486/2004-06-26/2004-07-02/0" target="_blank">http://securityfocus.com/archive/1/367486/2004-06-26/2004-07-02/0</a>
|
||||||
|
<br /><br />
|
||||||
|
We would like to put emphasis on the disappointment we feel when a
|
||||||
|
bugreporter does not contact the authors of a software first, before
|
||||||
|
posting any exploits. The common way to report this, is to give the
|
||||||
|
developers a reasonable amount of time to respond to an exploit before
|
||||||
|
it is made public.
|
||||||
|
<br /><br />
|
||||||
|
We acknowledge that phpMyAdmin versions 2.5.1 to 2.5.7 are vulnerable
|
||||||
|
to this problem, if each of the following conditions are met:
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
The Web server hosting phpMyAdmin is not running in safe mode.
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
In config.inc.php, <tt>$cfg['LeftFrameLight']</tt> is set to FALSE
|
||||||
|
(the default value of this parameter is TRUE).
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
There is no firewall blocking requests from the Web server to the
|
||||||
|
attacking host.
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p>
|
||||||
|
<br />
|
||||||
|
Version 2.5.7-pl1 was released with a fix for this vulnerability.
|
||||||
|
</p>
|
||||||
|
|
||||||
<!-- DEVELOPERS -->
|
<!-- DEVELOPERS -->
|
||||||
<a name="developers"></a><br />
|
<a name="developers"></a><br />
|
||||||
|
38
left.php
38
left.php
@@ -45,6 +45,22 @@ require_once('./libraries/bookmark.lib.php');
|
|||||||
require_once('./libraries/relation.lib.php');
|
require_once('./libraries/relation.lib.php');
|
||||||
$cfgRelation = PMA_getRelationsParam();
|
$cfgRelation = PMA_getRelationsParam();
|
||||||
|
|
||||||
|
function PMA_multimerge(&$stack, &$table) {
|
||||||
|
global $list_item, $table_item;
|
||||||
|
|
||||||
|
$key = array_shift($table);
|
||||||
|
|
||||||
|
if (count($table) > 0) {
|
||||||
|
if (!isset($stack[$key])) {
|
||||||
|
$stack[$key] = '';
|
||||||
|
}
|
||||||
|
PMA_multimerge($stack[$key], $table);
|
||||||
|
} else {
|
||||||
|
$stack['pma_name'][] = $table_item;
|
||||||
|
$stack['pma_list_item'][] = $list_item;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function PMA_reduceNest($_table) {
|
function PMA_reduceNest($_table) {
|
||||||
|
|
||||||
if ($GLOBALS['cfg']['LeftFrameTableLevel'] > 0) {
|
if ($GLOBALS['cfg']['LeftFrameTableLevel'] > 0) {
|
||||||
@@ -52,7 +68,7 @@ function PMA_reduceNest($_table) {
|
|||||||
$temp_table = $_table;
|
$temp_table = $_table;
|
||||||
$new_table = array();
|
$new_table = array();
|
||||||
$last_index = 0;
|
$last_index = 0;
|
||||||
for ($ti = 0; $ti < $max; $ti++) {
|
for ($ti = 0; $ti <= $max; $ti++) {
|
||||||
if (isset($temp_table[$ti])) {
|
if (isset($temp_table[$ti])) {
|
||||||
$new_table[$ti] = $temp_table[$ti];
|
$new_table[$ti] = $temp_table[$ti];
|
||||||
unset($temp_table[$ti]);
|
unset($temp_table[$ti]);
|
||||||
@@ -561,13 +577,12 @@ if ($num_dbs > 1) {
|
|||||||
$_table[$key] = '__protected__';
|
$_table[$key] = '__protected__';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
unset($_table[count($_table)-1]);
|
|
||||||
$_table = PMA_reduceNest($_table);
|
$_table = PMA_reduceNest($_table);
|
||||||
|
|
||||||
$eval_string = '$tablestack[\'' . implode('\'][\'', $_table) . '\'][\'pma_name\'][] = \'' . str_replace('\'', '\\\'', $table_item) . '\';';
|
if (count($_table) == 1) {
|
||||||
$eval_string .= '$tablestack[\'' . implode('\'][\'', $_table) . '\'][\'pma_list_item\'][] = \'' . str_replace('\'', '\\\'', $list_item) . '\';';
|
array_unshift($_table, '');
|
||||||
eval($eval_string);
|
}
|
||||||
|
PMA_multimerge($tablestack, $_table);
|
||||||
} else {
|
} else {
|
||||||
$tablestack['']['pma_name'][] = $table_item;
|
$tablestack['']['pma_name'][] = $table_item;
|
||||||
$tablestack['']['pma_list_item'][] = $list_item;
|
$tablestack['']['pma_list_item'][] = $list_item;
|
||||||
@@ -577,12 +592,12 @@ if ($num_dbs > 1) {
|
|||||||
$tablestack['']['pma_list_item'][] = $list_item;
|
$tablestack['']['pma_list_item'][] = $list_item;
|
||||||
}
|
}
|
||||||
} // end while (tables list)
|
} // end while (tables list)
|
||||||
|
|
||||||
PMA_nestedSet($j, $tablestack);
|
PMA_nestedSet($j, $tablestack);
|
||||||
?>
|
?>
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
echo "\n";
|
echo "\n";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Light mode -> displays the select combo with databases names and the
|
// Light mode -> displays the select combo with databases names and the
|
||||||
@@ -828,13 +843,12 @@ else if ($num_dbs == 1) {
|
|||||||
$_table[$key] = '__protected__';
|
$_table[$key] = '__protected__';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
unset($_table[count($_table)-1]);
|
|
||||||
$_table = PMA_reduceNest($_table);
|
$_table = PMA_reduceNest($_table);
|
||||||
|
|
||||||
$eval_string = '$tablestack[\'' . implode('\'][\'', $_table) . '\'][\'pma_name\'][] = \'' . str_replace('\'', '\\\'', $table_item) . '\';';
|
if (count($_table) == 1) {
|
||||||
$eval_string .= '$tablestack[\'' . implode('\'][\'', $_table) . '\'][\'pma_list_item\'][] = \'' . str_replace('\'', '\\\'', $list_item) . '\';';
|
array_unshift($_table, '');
|
||||||
eval($eval_string);
|
}
|
||||||
|
PMA_multimerge($tablestack, $_table);
|
||||||
} else {
|
} else {
|
||||||
$tablestack['']['pma_name'][] = $table_item;
|
$tablestack['']['pma_name'][] = $table_item;
|
||||||
$tablestack['']['pma_list_item'][] = $list_item;
|
$tablestack['']['pma_list_item'][] = $list_item;
|
||||||
|
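Review bot: In PMA_multimerge (first left.php hunk) a missing nesting level is created with `$stack[$key] = '';`, so the recursive call then writes `$stack['pma_name'][]` into a string and relies on PHP silently promoting it to an array; initialise it as an array instead, `$stack[$key] = array();`, which is what the leaf branch writes into and avoids a fatal error on PHP versions that no longer perform that conversion. The helper also pulls `global $list_item, $table_item;` out of script scope where passing them as parameters, `function PMA_multimerge(&$stack, &$table, $table_item, $list_item)`, would keep the recursion free of global state; the two call sites in the third and fifth hunks are identical and would both pass them explicitly. The new `$ti <= $max` bound in PMA_reduceNest (second hunk) looks intentional, but `$max` is assigned outside the hunk, so whether it holds a last index or a count cannot be confirmed from here.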