Your message dated Sun, 25 Oct 2009 19:57:50 +0000
with message-id <[email protected]>
and subject line Bug#543460: fixed in phpmyadmin 4:2.9.1.1-13
has caused the Debian Bug report #543460,
regarding phpmyadmin: Denial of Service Attack through setup.php
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
543460: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543460
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: phpmyadmin
Version: 4:2.9.1.1-11
Severity: important
Reporting a remote denial of service attack against phpmyadmin's
setup.php interface.
After the attack the web interface is not usable. The web client
displays the following text.
Welcome to phpMyAdmin 2.9.1.1-Debian-11
phpMyAdmin tried to connect to the MySQL server, and the server
rejected the connection. You should check the host, username and
password in config.inc.php and make sure that they correspond to the
information given by the administrator of the MySQL server.
Error
MySQL said:
#1045 - Access denied for user 'root'@'localhost' (using password: NO)
After the attack the following file exists:
-rw-r----- 1 root root 746 2009-10-04 15:23:40
/var/lib/phpmyadmin/config.inc.php
Here are the contents of that file:
<?php
/*
* Generated configuration file
* Generated by: phpMyAdmin 2.9.1.1-Debian-11 setup script by Michal Čihař
<[email protected]>
* Version: $Id: setup.php 9484 2006-10-03 13:11:22Z nijel $
* Date: Sun, 04 Oct 2009 15:23:40 GMT
*/
/* Servers configuration */
$i = 0;
/* Server (config:root) [1] */
$i++;
$cfg['Servers'][$i]['host_______if___GET__c____echo___pre___system___GET__c____echo____pre____if___GET__p____echo___pre___eval___GET__p____echo____pre_______']
= 'localhost';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
/* End of servers configuration */
?>
Obviously the "host_______if___GET__c__..." part is somewhat escaped
and prevents the full attack and was intended to use parameters 'c'
and 'p' later to be eval'd and displayed. Instead things are simply
broken by the attack. The auth_type being set to 'config' is what
breaks the installation. The normal case for us here is 'cookie'.
That didn't happen due to the protection in place in 4:2.9.1.1-11 but
the system was brought down to a broken state. I repaired this by
purging the installation and reinstalling to create a clean
config.inc.php file and then ensuring that this file is included in
intrusion detection monitoring but I am certain that the vulnerability
for a repeat attack is likely.
I have this host configured for daily automatic security upgrades.
Therefore this system always has the latest version within 24 hours of a
release of an update. The system has always been fully up to date and
it appears that the current stable released package has this denial
attack potential. Here is the recent upgrade history from the
dpkg.log file:
2008-12-01 04:06:11 upgrade phpmyadmin 4:2.9.1.1-8 4:2.9.1.1-9
2009-02-12 04:14:24 upgrade phpmyadmin 4:2.9.1.1-9 4:2.9.1.1-10
2009-06-26 04:12:51 upgrade phpmyadmin 4:2.9.1.1-10 4:2.9.1.1-11
I don't know how this attack was able to use setup.php to write to the
config.inc.php file but the timestamps of the file correlate between
the Apache access log and the resulting config.inc.php file. The
phpmyadmin web interface was working prior to the attack and was not
functional after the attack so this cannot have been left over from an
attack on the previous version.
Bob
-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages phpmyadmin depends on:
ii debconf [debconf-2.0 1.5.11etch2 Debian configuration management sy
ii libapache2-mod-php5 5.2.0+dfsg-8+etch15 server-side, HTML-embedded scripti
ii perl 5.8.8-7etch6 Larry Wall's Practical Extraction
ii php5-mysql 5.2.0+dfsg-8+etch15 MySQL module for php5
ii ucf 2.0020 Update Configuration File: preserv
Versions of packages phpmyadmin recommends:
ii apache2 2.2.3-4+etch10 Next generation, scalable, extenda
ii apache2-mpm-prefork [http 2.2.3-4+etch10 Traditional model for Apache HTTPD
pn php5-gd | php4-gd <none> (no description available)
pn php5-mcrypt | php4-mcrypt <none> (no description available)
-- debconf information excluded
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 355 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:05 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:06 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:06 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:10:55:07 +0000] "GET
//phpMyAdmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:39 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:38 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 200 14231 "-" "Mozilla/4.0
(compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:39 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 200 14231 "-" "Mozilla/4.0
(compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:40 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:40 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:39 +0000] "POST
//phpmyadmin//scripts/setup.php HTTP/1.1" 200 22713
"https://64.119.174.227//phpmyadmin//scripts/setup.php" "Mozilla/4.0
(compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:40 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:40 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:40 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:40 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET / HTTP/1.1" 200 593 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//scripts/setup.php HTTP/1.1" 404 354 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//config/config.inc.php?c=echo%20$PATH HTTP/1.1" 200 - "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
64.15.159.169 - - [04/Oct/2009:15:23:41 +0000] "GET
//phpmyadmin//config.inc.php?c=echo%20$PATH HTTP/1.1" 200 - "-" "Mozilla/4.0
(compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
--- End Message ---
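Added example, not part of the original report and not phpMyAdmin or Debian code: a triage script for the two artefacts the report correlates. It flags a successful POST to scripts/setup.php followed by a query-string request for config.inc.php from the same client, and audits a generated config for unexpected per-server keys or a changed auth_type. The log lines, addresses, config text, key allowlist and the expected 'cookie' value are constructed assumptions modelled on the report.

```python
import re
from datetime import datetime, timedelta

# Apache combined log: client, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Per-server assignments as written by the setup script
KEY_RE = re.compile(r"\$cfg\['Servers'\]\[\$i\]\['([^']*)'\]\s*=\s*([^;]*);")
# Assumption: allowlist of the keys seen in the report plus a few common ones.
KNOWN_KEYS = {"host", "port", "socket", "extension", "connect_type",
              "compress", "auth_type", "user", "password"}

# Constructed sample input (documentation-range addresses, placeholder query).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Oct/2009:15:23:40 +0000] "GET //phpmyadmin//scripts/setup.php HTTP/1.1" 302 346 "-" "-"',
    '192.0.2.10 - - [04/Oct/2009:15:23:39 +0000] "POST //phpmyadmin//scripts/setup.php HTTP/1.1" 200 22713 "-" "-"',
    '192.0.2.10 - - [04/Oct/2009:15:23:41 +0000] "GET //phpmyadmin//config.inc.php?c=test HTTP/1.1" 200 - "-" "-"',
    '198.51.100.7 - - [04/Oct/2009:15:30:00 +0000] "GET /phpmyadmin/config.inc.php?x=1 HTTP/1.1" 200 - "-" "-"',
]
SAMPLE_CONFIG = """
$cfg['Servers'][$i]['host___constructed_junk___']
= 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
"""

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    path, _, query = target.partition("?")
    return {"ip": ip, "method": method, "query": query, "status": int(status),
            "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            # collapse the doubled slashes and mixed case used by the scanner
            "path": re.sub(r"/+", "/", path).lower()}

def find_setup_abuse(lines, window=timedelta(minutes=5)):
    # Apache logs at request completion, so entries can be out of order: sort.
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["time"])
    findings, last_post = [], {}
    for e in events:
        is_setup = e["path"].endswith("/scripts/setup.php")
        if is_setup and e["method"] == "POST" and e["status"] < 400:
            last_post[e["ip"]] = e["time"]
            findings.append(("setup-post", e["ip"], e["time"]))
        elif e["path"].endswith("/config.inc.php") and e["query"]:
            t = last_post.get(e["ip"])
            if t is not None and e["time"] - t <= window:
                findings.append(("config-probe-after-post", e["ip"], e["time"]))
    return findings

def audit_config(text, expected_auth="cookie"):
    issues = []
    for key, value in KEY_RE.findall(text):
        value = value.strip().strip("'\"")
        if key not in KNOWN_KEYS:
            issues.append(("unknown-key", key))
        elif key == "auth_type" and value != expected_auth:
            issues.append(("auth-type-changed", value))
    return issues

if __name__ == "__main__":
    for finding in find_setup_abuse(SAMPLE_LOG):
        print(finding)
    print(audit_config(SAMPLE_CONFIG))
```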
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:2.9.1.1-13
We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:
phpmyadmin_2.9.1.1-13.diff.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-13.diff.gz
phpmyadmin_2.9.1.1-13.dsc
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-13.dsc
phpmyadmin_2.9.1.1-13_all.deb
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-13_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated phpmyadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 25 Oct 2009 12:25:47 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-13
Distribution: oldstable-security
Urgency: high
Maintainer: Thijs Kinkhorst <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
phpmyadmin - Administrate MySQL over the WWW
Closes: 535044 543460 552194
Changes:
phpmyadmin (4:2.9.1.1-13) oldstable-security; urgency=low
.
* Fix inverted logic in documentation of new script.
.
phpmyadmin (4:2.9.1.1-12) oldstable-security; urgency=high
.
* Upload to oldstable to fix security issues.
* Cross site scripting (CVE-2009-3696, closes: #552194).
* Allow saving of configuration from setup script only after
explicit action from administrator (closes: #535044, #543460).
Files:
0a8c412c5481b2260562ab5649c70d8b 1021 web extra phpmyadmin_2.9.1.1-13.dsc
68fc6b7269343482b96326553dd1e0c0 57060 web extra phpmyadmin_2.9.1.1-13.diff.gz
85eaa36525db64fdd0ba9955c9def399 3605314 web extra phpmyadmin_2.9.1.1-13_all.deb
--- End Message ---