CVE-2011-0986 in Ubuntu

CVE-2011-0986

Priority

Negligible

Description

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not
properly handle the absence of the (1) README, (2) ChangeLog, and (3)
LICENSE files, which allows remote attackers to obtain the installation
path via a direct request for a nonexistent file.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986
http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php

Notes

mdeslaur> paths in packages are already well-known

Package

Source: phpmyadmin (LP Ubuntu Debian)

Upstream:	released (2.11.11.2,3.3.9.1)
Ubuntu 8.04 LTS (Hardy Heron):	ignored
Ubuntu 10.04 LTS (Lucid Lynx):	ignored
Ubuntu 11.04 (Natty Narwhal):	not-affected (4:3.3.9.2-1)

Patches:

Upstream:

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2012-06-01 15:21:53 UTC (commit 5347)