From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 9 Oct 2017 18:53:29 +0100
Subject: reinit the tree, so we can have metadata
---
metadata/glsa/glsa-200504-30.xml | 72 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 metadata/glsa/glsa-200504-30.xml
(limited to 'metadata/glsa/glsa-200504-30.xml')
diff --git a/metadata/glsa/glsa-200504-30.xml b/metadata/glsa/glsa-200504-30.xml
new file mode 100644
index 000000000000..22aa6ae9c7fc
--- /dev/null
+++ b/metadata/glsa/glsa-200504-30.xml
@@ -0,0 +1,72 @@
+
+
+
+ phpMyAdmin: Insecure SQL script installation
+
+ phpMyAdmin leaves the SQL install script with insecure permissions,
+ potentially leading to a database compromise.
+
+ phpmyadmin
+ 2005-04-30
+ 2006-05-22: 02
+ 88831
+ local
+
+
+ 2.6.2-r1
+ 2.6.2-r1
+
+
+
+

+ phpMyAdmin is a tool written in PHP intended to handle the
+ administration of MySQL databases from a web-browser. phpMyAdmin uses a
+ pma MySQL user to control the linked-tables infrastructure. The SQL
+ install script sets the initial password for the pma user.
+

+
+
+

+ The phpMyAdmin installation process leaves the SQL install script with
+ insecure permissions.
+

+
+
+

+ A local attacker could exploit this vulnerability to obtain the initial
+ phpMyAdmin password and from there obtain information about databases
+ accessible by phpMyAdmin.
+

+
+
+

+ Change the password for the phpMyAdmin MySQL user (pma):
+

+
+ mysql -u root -p
+ SET PASSWORD FOR 'pma'@'localhost' = PASSWORD('MyNewPassword');
+

+ Update your phpMyAdmin config.inc.php:
+

+
+ $cfg['Servers'][$i]['controlpass'] = 'MyNewPassword';
+
+
+

+ All phpMyAdmin users should change password for the pma user as
+ described above and upgrade to the latest version:
+

+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.2-r1"
+
+
+ CVE-2005-1392
+
+
+ jaervosz
+
+
+ koon
+
+
-- cgit v1.2.3