GLSA-200410-14 : phpMyAdmin: Vulnerability in MIME-based transformation system
High Nessus Plugin ID 15511
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200410-14 (phpMyAdmin: Vulnerability in MIME-based transformation system)
A defect was found in phpMyAdmin's MIME-based transformation system, when used with 'external' transformations.
A remote attacker could exploit this vulnerability to execute arbitrary commands on the server with the rights of the HTTP server user.
Enabling PHP safe mode ('safe_mode = On' in php.ini) may serve as a temporary workaround.
SolutionAll phpMyAdmin users should upgrade to the latest version:
# emerge sync # emerge -pv '>=dev-db/phpmyadmin-2.6.0_p2' # emerge '>=dev-db/phpmyadmin-2.6.0_p2'