Candidate: CVE-2011-2719
PublicDate: 2011-08-01 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2719
 http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
 http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
Description:
 libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3
 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with
 Swekey authentication, which allows remote attackers to modify the SESSION
 superglobal array, other superglobal arrays, and certain
 swekey.auth.lib.php local variables via a crafted query string, a related
 issue to CVE-2011-2505.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=725384
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_phpmyadmin:
 upstream: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
 upstream: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
upstream_phpmyadmin: released (3.3.10.3,3.4.3.2)
hardy_phpmyadmin: ignored (reached end-of-life)
lucid_phpmyadmin: ignored (reached end-of-life)
maverick_phpmyadmin: ignored (reached end-of-life)
natty_phpmyadmin: ignored (reached end-of-life)
oneiric_phpmyadmin: not-affected (4:3.4.3.2-1)
precise_phpmyadmin: not-affected (4:3.4.3.2-1)
quantal_phpmyadmin: not-affected (4:3.4.3.2-1)
raring_phpmyadmin: not-affected (4:3.4.3.2-1)
saucy_phpmyadmin: not-affected (4:3.4.3.2-1)
devel_phpmyadmin: not-affected (4:3.4.3.2-1)