| Field | Value |
|---|---|
| VID | 22096 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Related URL | CVE-2001-0478 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |

Detailed Description

An input validation error in phpPgAdmin on the web server could allow remote users to cause arbitrary files to be included and loaded by the PHP interpreter at runtime. phpPgAdmin is an easy-to-use, web-based administration interface for PostgreSQL written in PHP. A further indication of phpMyAdmin's popularity is the fact that it has since been ported (largely by independent development) from MySQL to PostgreSQL as a separate product, phpPgAdmin. Through their common code base, phpMyAdmin and phpPgAdmin make insecure calls to the PHP function include(). phpPgAdmin versions below 2.3 allow an attacker to execute arbitrary commands on the remote web server, or to read the installation's configuration files and thereby obtain database credentials, in either case with the permissions of the web server user. Note that enabling 'Advanced Authentication' does not prevent this attack.

References:
- http://www.securityfocus.com/bid/2642
- ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz

Recommendation

Upgrade to the latest version immediately. The fixed version can be downloaded from: ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz

SecureReality provides a patch for these problems against phpPgAdmin 2.2.1: http://www.securereality.com.au/patches/phpPgAdmin-SecureReality.diff

Users of earlier versions are advised to upgrade to the version specified and then apply the patch.

To apply the patch:
- cd to the directory in which the application files are stored (e.g. /home/httpd/html/phpPgAdmin/)
- run 'patch -p0 < *Path to patch filename*'