From: Mit Rowe
Date: Thu, 13 Oct 2005 13:34:42 -0400
To: ports@freebsd.org, security@freebsd.org
Subject: [Fwd: phpmyadmin vulnerability]
Message-ID: <434E9AB2.7030209@mitayai.org>
List-Id: Porting software to FreeBSD

current port version 2.6.4-pl1 vulnerable

phpMyAdmin security announcement PMASA-2005-4

Announcement-ID: PMASA-2005-4
Date: 2005-10-11

*Summary*: Local file inclusion vulnerability

*Description*: In libraries/grab_globals.lib.php, the $__redirect parameter was not correctly validated, opening the door to a local file inclusion attack.

*Severity*: We consider this vulnerability to be serious. However, it can be exploited only on systems not running in PHP safe mode (unless a deliberate hole was opened by including in open_basedir some paths containing sensitive data).

*Affected versions*: phpMyAdmin versions 2.6.4 and 2.6.4-pl1.

*Solution:* Upgrade to phpMyAdmin 2.6.4-pl2 or newer.

For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/ .

--
Will Mitayai Keeso Rowe
Technical Director
9TrackMind, Inc.
mit@9trackmind.com
mobile: +1.416.219 2512

Content-Type: message/rfc822; name="phpmyadmin vulnerability"

From: "AuDaSeE"
To: "Mit Rowe"
References: <433808A6.20608@mitayai.org>
Subject: phpmyadmin vulnerability
Date: Thu, 13 Oct 2005 13:17:25 -0400
Message-ID: <00a601c5d019$fb9a9960$6500a8c0@Spinauda>

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4
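
Added example, not part of the original message, the advisory, or phpMyAdmin's code: the advisory describes a request parameter that reached a file include without correct validation. One way to validate such a value before including it is a fixed allowlist plus a canonical-path containment check; the function name resolve_include, the allowlist and the demo file names are hypothetical.

```php
<?php
// Added illustration, not phpMyAdmin code. All names here are hypothetical.

// Map a request-supplied script name to a path that is safe to include.
// Returns the canonical path, or null when the value must be rejected.
function resolve_include(string $baseDir, array $allowed, $requested): ?string
{
    // Reject non-strings (array-valued parameters) and embedded NUL bytes.
    if (!is_string($requested) || strpos($requested, "\0") !== false) {
        return null;
    }
    // 1. Exact, type-strict match against a fixed allowlist of scripts.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: the canonical path must stay inside $baseDir,
    //    which also catches symlinks that resolve somewhere else.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path; // the caller may now pass this to include/require
}

// Constructed demo: a temporary directory holding one permitted script.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'index.php', "<?php echo 'ok';");
$allowed = ['index.php', 'missing.php']; // second entry has no file on disk

$inputs = ['index.php', '../index.php', 'other.php', 'missing.php', ['index.php']];
foreach ($inputs as $input) {
    $label = is_string($input) ? $input : '(array)';
    $verdict = resolve_include($base, $allowed, $input) === null ? 'rejected' : 'accepted';
    printf("%-14s => %s\n", $label, $verdict);
}

unlink($base . DIRECTORY_SEPARATOR . 'index.php');
rmdir($base);
```

Only index.php is accepted; every other constructed input is rejected before any include could happen.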