phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

This is a version upgrade to phpMyAdmin 2.11.9.4 to fix various security bugs. (CVE-2008-2960, CVE-2008-3197, CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326, CVE-2008-5621, CVE-2008-5622)

This update of phpMyAdmin fixes the following bugs :

  - CVE-2008-1149: SQL injection, CSRF attacks using crafted     cookies

  - CVE-2008-1567: local users can steal session     information/credentials

  - CVE-2008-1924: in a shared host environment users with     CREAT permissions can read arbitrary files

  - CVE-2008-3456: cross-site framing attack

  - CVE-2008-3457: user-assisted XSS attack

A phpMyAdmin security announcement report :

phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host.

Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2008-1924     Attackers with CREATE table permissions were allowed to     read arbitrary files readable by the webserver via a     crafted HTTP POST request.

  - CVE-2008-1567     The PHP session data file stored the username and     password of a logged in user, which in some setups can     be read by a local user.

  - CVE-2008-1149     Cross site scripting and SQL injection were possible by     attackers that had permission to create cookies in the     same cookie domain as phpMyAdmin runs in.

This update addresses PMASA-2008-2 / CVE-2008-1567: phpMyAdmin upstream received an advisory from Jim Hermann: It saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host.
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
40107	openSUSE Security Update : phpMyAdmin (phpMyAdmin-442)	Nessus	SuSE Local Security Checks	high
35449	openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5935)	Nessus	SuSE Local Security Checks	high
34813	openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5781)	Nessus	SuSE Local Security Checks	medium
32065	FreeBSD : phpmyadmin -- Username/Password Session File Information Disclosure (6eb1dc51-1244-11dd-bab7-0016179b2dd5)	Nessus	FreeBSD Local Security Checks	low
32058	Debian DSA-1557-1 : phpmyadmin - insufficient input sanitising	Nessus	Debian Local Security Checks	medium
31751	Fedora 7 : phpMyAdmin-2.11.5.1-1.fc7 (2008-2874)	Nessus	Fedora Local Security Checks	low
31745	Fedora 8 : phpMyAdmin-2.11.5.1-1.fc8 (2008-2825)	Nessus	Fedora Local Security Checks	low

Detections

Analytics

CVE-2008-1567

medium

Tenable Plugins

high

high

medium

low

medium

low

low