[Secure-testing-team] phpmyadmin update

Thijs Kinkhorst thijs at debian.org
Wed May 9 10:16:44 UTC 2007


On Wednesday 9 May 2007 00:12, you wrote:
> Hmm, I'm not sure about this. The issue at hand seems like a generic design
> issue in PHP that's unlikely to be ever fixed inside the interpreter. I
> would assume that limits to recursion depth would need to be imposed
> application-specific instead.

It's a MOPB-found bug in PHP which has already been fixed inside the 
interpreter, and in fact, it has been fixed specifically in a security upload 
to etch: http://security-tracker.debian.net/tracker/CVE-2006-1549
Only sarge is still "vulnerable".
http://www.php-security.org/MOPB/MOPB-02-2007.html

> What's the outlined attack here? A database administrator being able to DoS
> the webserver instance serving his phpmyadmin instance or being able to
> mess up the MySQL database itself? If it's the former it appears harmless
> anyway.

It's in any case a mild issue, but something that should be fixed when you 
have the chance. Especially in mass-hosting environments where lots of 
accounts are handed out, it would at least be inconvenient if someone could 
very easily DoS the webserver. And it's not trivial to find out who did it.


Thijs


