CVE-2011-2719
Published: 1 August 2011
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.
Priority
Status
Package | Release | Status |
---|---|---|
phpmyadmin Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
(4:3.4.3.2-1)
|
|
precise |
Not vulnerable
(4:3.4.3.2-1)
|
|
quantal |
Not vulnerable
(4:3.4.3.2-1)
|
|
raring |
Not vulnerable
(4:3.4.3.2-1)
|
|
saucy |
Not vulnerable
(4:3.4.3.2-1)
|
|
upstream |
Released
(3.3.10.3,3.4.3.2)
|
|
Patches: upstream: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7 upstream: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754 |