Tuesday, September 25, 2012

phpMyAdmin Compromised Source Package Backdoor Security Issue

A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.

Secunia ID
Release Date
25 Sep 2012
Criticality
Solution Status
Vendor Patch
Software
phpMyAdmin 3.x
Where
Impact
System access
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description
A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system.
The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.
The compromised source file was distributed via the "cdnetworks-kr-1" SourceForge mirror with the phpMyAdmin-3.5.2.2-all-languages.zip download.
Solution
Download and reinstall phpMyAdmin.
Reported by
The vendor credits Tencent Security Response Center.
Original Advisory

3 comments:

rakesh said...

hi i like you blog please visit
http://www.vrditservices.com
Install Xine player in RHEL5

webzin said...

Interactive home security systems from Protection Concepts based in Marietta and serving Atlanta, Georgia. Monitoring starts at $14.95 a month.

Atlanta Security provider

richard staple said...

With Lloyd Security Energy Management services you can remotely adjust your lights and thermostats and set energy saving Smart Schedules™ to fit your lifestyle. Lloyd Security can help you stop wasting energy and start taking control of your energy bills.
Minnetonka home security