dna88 Web development and Technology Forum
New Mysql + phpmyadmin bug/vulnerability patch
quantum
Site Admin
Joined: 07 Mar 2004
Posts: 1048
Location: Dhaka, Bangladesh

Post subject: New Mysql + phpmyadmin bug/vulnerability patch

A new MySQL bug that can be exploited through phpMyAdmin has been revealed. Webmasters, please read the article and implement the patch as soon as possible.
Quote:
Users of the increasingly popular, open-source MySQL database may be at risk from remote attacks due to a bug in phpMyAdmin, a widely used Web-based MySQL administration tool.

On Wednesday the phpMyAdmin project warned of a bug in the way the tool's MIME-based transformation system handles "external" transformations. Attackers could exploit the hole to execute arbitrary commands on a Web server with the privileges of the server's user, the project said in a statement.

A patch available on the phpMyAdmin site fixes the bug.

The vulnerability can only be exploited on systems where PHP's safe mode is turned off. Danish security firm Secunia said the flaw is serious, giving it a "highly critical" ranking.

The new flaw is the most serious to have been uncovered in phpMyAdmin to date; previous bugs, including some allowing configuration manipulation, code injection and cross-site scripting, have been only moderately dangerous, according to security researchers.

PhpMyAdmin has become the de facto standard for controlling MySQL databases over a Web-based interface, though it faces numerous competitors. Like MySQL, it is distributed under an open-source licence.

MySQL, like some other open-source databases, has gained ground in the database market, particularly in small to medium-sized businesses, industry analysts say. Enterprises are also beginning to eye the product as an alternative to Oracle's database.


Quote:
Security fix: If PHP is not running in safe mode, a problem in the MIME-based transformation system (with an "external" transformation) allows executing any command with the privileges of the web server's user.

A patch can be found here.

http://sourceforge.net/forum/forum.php?forum_id=414281

To stay updated on MySQL bugs, always visit this page.

http://bugs.mysql.com/
_________________

Dust fills my eyes / Clouds roll by / and I roll with them / Centuries cry / Orders fly / and I fall again
Afford best design, implement best solution. Outsource your web design.
Wed Oct 20, 04 10:58 pm
dinangkur
Super Moderator
Joined: 24 Mar 2004
Posts: 491
Location: Dhaka, Bangladesh


I have found that there is a book regarding phpmyadmin administration on the phpmyadmin site. Quantum, do you have that book (electronic version)? That would be very helpful.

-DK
_________________
...we too are stardust...
Sat Oct 23, 04 8:34 pm
hasnut
Expert User
Joined: 28 Aug 2004
Posts: 201


Actually, this (quantum's issue) will not help general developers. Generally phpmyadmin is installed on the server side, and a normal hosting control panel can't update the phpmyadmin files, as they are controlled by hosting software like Ensim, cPanel, Hosting Controller, etc.
_________________
Sarder Hasnut
MCSD, CIW A

Need Low Cost Professional Hosting? Contact me
Sun Oct 24, 04 12:55 pm
Driven by phpBB © phpBB Group