-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2008-35
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date: 18 Sep 2008
 Last revised: 18 Sep 2008

 Package: phpmyadmin

 Summary: Code execution vulnerability

 More information:
    phpMyAdmin is a tool written in PHP intended to handle the
    administration of MySQL over the Web.

    The server_databases.php script was vulnerable to an attack coming
    from a user who is already logged-on to phpMyAdmin, where he can
    execute shell code (if the PHP configuration permits commands like
    exec). (PMASA-2008-7)

 Affected Products:
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0

   Source Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.src.rpm
      3118986 acfc18e7b83f167994a9a2433807f4b5

   Binary Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.noarch.rpm
      4441721 8633d63f23dc77e62df171ad93a5fd3b

   Source Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.src.rpm
      3118986 acfc18e7b83f167994a9a2433807f4b5

   Binary Packages
   Size: MD5

   phpmyadmin-2.11.9.1-1.noarch.rpm
      4443843 6bfed825c227adbd8012154964438315

 References:

    phpMyAdmin security announcement
    [PMASA-2008-7] http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7

    CVE
    [CVE-2008-4096] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096

--------------------------------------------------------------------------
 Revision History
    18 Sep 2008 Initial release
--------------------------------------------------------------------------

 Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjSOTcACgkQK0LzjOqIJMxE5ACgmb5a7QEfqMwlIu4dJxoJVu2A
PNEAn3qzI1FftgTUCRRpo9LlScs0sTnn
=IaTJ
-----END PGP SIGNATURE-----