CVE-2011-2719

Priority
Medium
Description
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3
and 3.4.x before 3.4.3.2 does not properly manage sessions associated with
Swekey authentication, which allows remote attackers to modify the SESSION
superglobal array, other superglobal arrays, and certain
swekey.auth.lib.php local variables via a crafted query string, a related
issue to CVE-2011-2505.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2719
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
Bugs
https://bugzilla.redhat.com/show_bug.cgi?id=725384
Package
Source: phpmyadmin (LP Ubuntu Debian)
Upstream:released (3.3.10.3,3.4.3.2)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):needed
Ubuntu 11.10 (Oneiric Ocelot):not-affected (4:3.4.3.2-1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4:3.4.3.2-1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (4:3.4.3.2-1)
Ubuntu 13.04 (Raring Ringtail):not-affected (4:3.4.3.2-1)
Patches:
Upstream:http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
Upstream:http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
More Information

Valid XHTML 1.0 Strict

Updated: 2013-04-25 17:14:32 UTC (commit 6757)