[Bug 236619] New: VUL-0: phpMyAdmin PMASA-2007-1 and PMASA-2007-2
https://bugzilla.novell.com/show_bug.cgi?id=236619

           Summary: VUL-0: phpMyAdmin PMASA-2007-1 and PMASA-2007-2
           Product: openSUSE 10.2
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: anosek@novell.com
        ReportedBy: anosek@novell.com
         QAContact: qa@suse.de
                CC: security-team@suse.de

Announcement-ID: PMASA-2007-1
Date: 2007-01-16
Summary: HTTP Response Splitting vulnerability
Description: On systems running PHP 5 before 5.1.2 or PHP 4 before 4.4.2, it is possible to trigger this vulnerability by editing the cookie containing PHP's session id. This can be used to send malicious javascript or redirects.
Affected versions: Probably all versions to 2.9.1.1.

-----------------------------------------------

Announcement-ID: PMASA-2007-2
Date: 2007-01-16
Summary: XSS and Path Disclosure vulnerabilities
Description: We received an advisory from Laurent Gaffié and we wish to thank him for his work. It was possible to trigger these attacks on db_create.php and index.php.
Affected versions: Probably all versions to 2.9.1.1.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=236619

anosek@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=236619

------- Comment #1 from anosek@novell.com 2007-01-19 00:35 MST -------
Links:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2

https://bugzilla.novell.com/show_bug.cgi?id=236619

judas_iscariote@shorewall.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |judas_iscariote@shorewall.net

------- Comment #2 from judas_iscariote@shorewall.net 2007-01-19 00:55 MST -------
Current PHP versions are immune to this kind of attack, header() currently only allows one line (one http header) per function call, effectively making this problem history.
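
The following is an added example, not part of the bug thread and not phpMyAdmin's code: an application-level version of the one-line-per-header check discussed in Comment #2, applied to the session id cookie named in PMASA-2007-1. The function names, the cookie name and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example; not phpMyAdmin code. Names and sample values are constructed.

/** True if the value cannot be sent as a single header line. */
function has_header_break(string $value): bool
{
    // CR, LF and NUL end or split a header line.
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Accept only the characters PHP itself uses in session ids. */
function is_plausible_session_id(string $id): bool
{
    // The D modifier stops "$" from matching before a trailing newline.
    return preg_match('/^[A-Za-z0-9,-]{1,128}$/D', $id) === 1;
}

/** Build one Set-Cookie line, or return null when the input is rejected. */
function session_cookie_header(string $name, string $id): ?string
{
    if (has_header_break($name) || !is_plausible_session_id($id)) {
        return null;
    }
    return 'Set-Cookie: ' . $name . '=' . $id . '; path=/; HttpOnly';
}

// Constructed inputs: one well-formed id and two containing line breaks.
$samples = [
    'normal id'     => 'a3f9c0d1e2b4a5968778695a4b3c2d1e',
    'embedded CRLF' => "abc\r\nX-Injected: 1",
    'trailing LF'   => "abc\n",
];

foreach ($samples as $label => $id) {
    // 'phpMyAdmin' as the cookie name is an assumption for this example.
    $line = session_cookie_header('phpMyAdmin', $id);
    printf("%-14s %s\n", $label, $line === null ? 'rejected' : $line);
}
```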

https://bugzilla.novell.com/show_bug.cgi?id=236619

------- Comment #3 from thomas@novell.com 2007-05-21 06:01 MST -------
Ales, are packages we ship affected by it?

https://bugzilla.novell.com/show_bug.cgi?id=236619#c4
--- Comment #4 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=236619#c5
--- Comment #5 from Ales Nosek
https://bugzilla.novell.com/show_bug.cgi?id=236619#c6
--- Comment #6 from Ales Nosek
https://bugzilla.novell.com/show_bug.cgi?id=236619#c8
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=236619#c9
Ales Nosek
https://bugzilla.novell.com/show_bug.cgi?id=236619
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=236619#c10
Marcus Meissner