CVE-2011-2719

Priority
Medium
Description
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3
and 3.4.x before 3.4.3.2 does not properly manage sessions associated with
Swekey authentication, which allows remote attackers to modify the SESSION
superglobal array, other superglobal arrays, and certain
swekey.auth.lib.php local variables via a crafted query string, a related
issue to CVE-2011-2505.
References
Bugs
Package
Upstream:released (3.3.10.3,3.4.3.2)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4:3.4.3.2-1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (4:3.4.3.2-1)
Ubuntu 13.04 (Raring Ringtail):not-affected (4:3.4.3.2-1)
Ubuntu 13.10 (Saucy Salamander):not-affected (4:3.4.3.2-1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4:3.4.3.2-1)
Patches:
Upstream:http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
Upstream:http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:40 UTC (commit 7585)