2.11.5.2 이하버전에 취약점이 존재한다고 하니 phpmyadmin을 사용하시는 분들은 업그레이드를 하시는것이
좋겠습니다.
출처 : http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
---------------------------------------------------------------------------------------------------------
phpMyAdmin security announcement PMASA-2008-3
Announcement-ID: PMASA-2008-3
Date: 2008-04-22
Updated:
2008-04-27
Summary:
File disclosure on shared hosts via a crafted HTTP POST
request.
Description:
We received an advisory from Cezary Tomczak, and we
wish to thank him for his work.
It is possible to read the contents of any file
that the web server's user can access.
The exact mechanism to achieve this won't be disclosed.
Severity:
We consider this vulnerability to be serious.
Mitigation factor:
If a user can upload on the same host where
phpMyAdmin is running, a PHP script that can read files with
the rights of the web server's user, the current advisory does not describe an additional threat.
Affected versions:
Versions before 2.11.5.2.
Solution:
Upgrade to phpMyAdmin 2.11.5.2 or newer.
Cezary Tomczak's advisory
Revision 11205
Revision 11211
CVE-2008-1924
'Security' 카테고리의 다른 글
| 보안 관련 사이트 (mailling) (0) | 2008.06.16 |
|---|---|
| 최근 웹사이트 공격 유형 (2) | 2008.05.09 |
| rkhunter (rootkit hunter) (0) | 2008.04.22 |
| Linux kernel Local Exploit (0) | 2008.02.13 |
| Stack buffer overflow in nmbd's logon & Remote Code Execution in Samba's nmbd (2) | 2007.11.16 |