Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1567

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-1567
Last Modified 10 Aug 2011 12:00:00
Published 31 Mar 2008 06:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1567

Summary

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

Vulnerable Systems

Application

  • Phpmyadmin 2.10.0.0

  • Phpmyadmin 2.10.0.1

  • Phpmyadmin 2.10.0.2

  • Phpmyadmin 2.10.1.0

  • Phpmyadmin 2.10.2.0

  • Phpmyadmin 2.10.3.0

  • Phpmyadmin 2.11.0.0

  • Phpmyadmin 2.11.1.0

  • Phpmyadmin 2.11.1.1

  • Phpmyadmin 2.11.1.2

  • Phpmyadmin 2.11.2.0

  • Phpmyadmin 2.11.2.1

  • Phpmyadmin 2.11.2.2

  • Phpmyadmin 2.11.3.0

  • Phpmyadmin 2.11.4.0

  • Phpmyadmin 2.11.5.0


References

BID - 28560

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2

DEBIAN - DSA-1557

FEDORA - FEDORA-2008-2874

FEDORA - FEDORA-2008-2825

XF - phpmyadmin-sessiondata-info-disclosure(41541)

VUPEN - ADV-2008-1037

MANDRIVA - MDVSA-2008:131

MISC - http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408

SECUNIA - 33822

SECUNIA - 32834

SECUNIA - 30816

SECUNIA - 29964

SECUNIA - 29613

SECUNIA - 29588

SUSE - SUSE-SR:2009:003

SUSE - SUSE-SR:2008:026


Last Updated: 27 May 2016 10:47:34