Jul 5, 2011 14:00 GMT

The phpMyAdmin development team has released critical updates for the popular web-based database management tool in order to patch several vulnerabilities that can be exploited to execute arbitrary code.

The new 3.3.10.2 and 3.4.3.1 versions address a total of four security issues rated as highly critical by vulnerability research company Secunia.

One of the flaws (CVE-2011-2505) stems from an error in the Swekey (USB authentication token) support code and can be exploited to manipulate the PHP session superglobal, $_SESSION.

This can be leveraged in other attacks, including the injection and execution of arbitrary PHP code.

Another vulnerability (CVE-2011-2507) stems from improperly escaped user input that is used to build a regular expression in the PMA_createTargetTables() function in libraries/server_synchronize.lib.php.

Because the input is not quoted before it is placed in the pattern, an attacker can truncate the pattern string and append the /e modifier, which makes preg_replace() evaluate its second argument (the replacement string) as PHP code.
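The following is an added illustration of that bug class, not phpMyAdmin's own code: a regular expression assembled by concatenating an unescaped identifier between its delimiters, next to the hardened form that allow-lists the identifier and escapes it with preg_quote(). The function names, the sample CREATE TABLE statement and the attacker-supplied values are assumptions for the demo; the NUL byte used to cut the pattern short is my reading of the "truncation" described above and relies on PHP 5.3-era pattern parsing, which the comments explain.

```php
<?php
// Added illustration of the bug class behind CVE-2011-2507; this is not
// phpMyAdmin's code. Function names and sample inputs are assumptions.

// Vulnerable: the table name goes straight between the pattern delimiters.
// A name containing "/" closes the expression early and everything after it
// is parsed as PCRE modifiers, so the attacker can supply "e". The trailing
// "/" appended by the code would normally be rejected as an unknown modifier;
// on PHP 5.3-era builds a NUL byte in the name stopped modifier parsing before
// that delimiter was reached (the "truncation" referred to above; assumed here).
// Later PHP versions warn "Null byte in regex" and PHP 7 removed /e entirely.
function rename_table_vulnerable($create_sql, $src_table, $dst_table)
{
    $pattern = '/' . $src_table . '/';
    // With /e in effect, $dst_table is evaluated as a PHP expression.
    return preg_replace($pattern, $dst_table, $create_sql, 1);
}

// Hardened: the identifier is allow-listed, then escaped with preg_quote() for
// the delimiter in use. preg_quote() also rewrites a NUL byte as \000, so the
// pattern can no longer be cut short. The replacement is validated too, since
// even without /e it is interpreted for $1 / \1 back-references.
function rename_table_hardened($create_sql, $src_table, $dst_table)
{
    foreach (array($src_table, $dst_table) as $name) {
        if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name)) {
            throw new InvalidArgumentException('invalid table identifier');
        }
    }
    $pattern = '/' . preg_quote($src_table, '/') . '/';
    return preg_replace($pattern, $dst_table, $create_sql, 1);
}

// Constructed attacker input: "t1" followed by "/e" and a NUL byte, and a
// replacement that is a valid PHP expression. Shown as JSON so the NUL is visible.
$evil_src = "t1/e\0";
$evil_dst = 'phpinfo()';
echo 'pattern the vulnerable code would compile: ',
     json_encode('/' . $evil_src . '/'), "\n";

$sql = 'CREATE TABLE t1 (id INT)';
echo 'benign rename: ', rename_table_hardened($sql, 't1', 't2'), "\n";

try {
    rename_table_hardened($sql, $evil_src, $evil_dst);
} catch (InvalidArgumentException $e) {
    echo 'hardened version rejected the name: ', $e->getMessage(), "\n";
}
```

The allow-list is the check that actually matters: MySQL identifiers that need regex metacharacters are rare enough that refusing them is cheaper than escaping them correctly, and preg_quote() is kept as a second layer for the case where the pattern is still built from data. On any supported PHP release the /e path no longer exists, but the same concatenation habit still lets an attacker change what a pattern matches.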

The third vulnerability (CVE-2011-2508) is also caused by improperly sanitized input, this time in the PMA_displayTableBody() function. It can be exploited through directory traversal to include local files.
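As an added example of the traversal pattern just described (not code from phpMyAdmin), the block below builds an include path from a request-controlled name, first in the vulnerable form and then with an allow-list plus a realpath() containment check. The plugin directory, the ".inc.php" suffix and the function names are assumptions for the demo.

```php
<?php
// Added illustration of the local-file-inclusion bug class behind CVE-2011-2508;
// not phpMyAdmin's code. Directory, suffix and function names are assumptions.

define('PLUGIN_DIR', __DIR__ . '/libraries/plugins');

// Vulnerable: a request-controlled name is joined onto the directory and
// included. A value such as "../../../../etc/passwd" walks out of PLUGIN_DIR,
// and on PHP before 5.3.4 a trailing NUL byte ("../../config.inc.php\0") also
// dropped the suffix, so any readable .php file could be pulled in.
function load_plugin_vulnerable($name)
{
    include PLUGIN_DIR . '/' . $name . '.inc.php';
}

// Hardened in two layers: the allow-list rejects "/", "\", "." and NUL
// outright, and the resolved path is then checked to sit below the plugin
// directory so that a symlink or an unexpected alias cannot escape it either.
function resolve_plugin_path($name)
{
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $name)) {
        throw new InvalidArgumentException('invalid plugin name');
    }
    $base = realpath(PLUGIN_DIR);
    $path = realpath(PLUGIN_DIR . '/' . $name . '.inc.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('plugin not found or outside plugin directory');
    }
    return $path;
}

function load_plugin_hardened($name)
{
    include resolve_plugin_path($name);
}

// Constructed candidates: a legitimate-looking name, a classic traversal and a
// name carrying a NUL byte. Only the first can ever reach include().
foreach (array('text_plain', '../../etc/passwd', "x\0y") as $candidate) {
    try {
        echo 'resolved: ', resolve_plugin_path($candidate), "\n";
    } catch (Exception $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```

The realpath() comparison alone is not enough on its own: realpath() returns false for a file that does not exist, and a prefix check without the trailing directory separator would accept a sibling directory whose name merely starts with the base name, which is why the separator is included in the comparison.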

Finally, a weakness in the setup scripts (CVE-2011-2506) was addressed. Attackers can exploit it to overwrite session variables, which can again lead to arbitrary code injection. phpMyAdmin's own documentation already recommends removing or access-restricting the setup directory once configuration is complete, which limits exposure to this kind of bug.

Frans Pehrson from Xxor AB is credited with discovering all of these vulnerabilities. None of them affect the older 2.11.x phpMyAdmin branch.

phpMyAdmin is an open source software package written in PHP which allows MySQL databases to be administered via a web interface. It is popular with webmasters and hosting providers because it is more intuitive than the command line and doesn't require SSH access.

The software is packaged by many Linux distributions, whose maintainers will backport the fixes; users of distribution packages should confirm that their package's changelog lists these CVEs before considering themselves patched. All other users are strongly encouraged to upgrade manually to the new versions.

The latest version of phpMyAdmin can be downloaded from the project's website.