Vulnerabilities in phpMyAdmin, Dell's TrueMobile 2300 Wireless Router and couple of PoC exploits.

Published: 2005-12-08
Last Updated: 2005-12-08 22:35:23 UTC
by Bojan Zdrnja (Version: 1)
An otherwise slow day was interrupted by a small flood of vulnerability advisories and exploits. Be sure to patch your systems if you use any of the products mentioned below.

Stefan Esser published a critical vulnerability in phpMyAdmin, a popular web-based MySQL administration package. What's interesting about this vulnerability is that it lies in the very code that is supposed to protect the application.
The variable $import_blocklist is supposed to list variables that may not be overwritten. However, as this variable is not itself protected, an attacker can overwrite it and change the blocklist; this can then be exploited to execute arbitrary script code in the user's browser session, in the context of the site running a vulnerable installation of phpMyAdmin.

If you use this product, be sure to upgrade to phpMyAdmin 2.7.0-p1 from http://sourceforge.net/project/showfiles.php?group_id=23067. The original advisory is at http://www.hardened-php.net/advisory_252005.110.html.
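To make the blocklist flaw concrete, here is an added illustration in PHP of the general pattern: request variables imported into the global scope, guarded by a blocklist that the import loop can itself overwrite, next to a version where the blocklist is out of reach of request data. This is not phpMyAdmin's code; the function names, the $globals array standing in for PHP's global scope, and the sample request are all constructed for this example.

```php
<?php
// Added illustration, not phpMyAdmin's own code. A $globals array stands in
// for PHP's global scope so the example runs stand-alone.

// Constructed sample request (stands in for $_REQUEST). Note the key order:
// the attacker-supplied 'import_blocklist' arrives before 'cfg'.
$request = [
    'page'             => 'main',
    'import_blocklist' => [],              // empties the blocklist
    'cfg'              => ['evil' => 1],   // a variable that must never be importable
];

// Vulnerable pattern: the blocklist lives in the same scope the loop writes to,
// so a request key named 'import_blocklist' replaces it mid-loop and every
// name that follows is imported unchecked.
function import_vulnerable(array $request, array &$globals): void
{
    $globals['import_blocklist'] = ['cfg', 'GLOBALS', '_POST', '_GET'];
    foreach ($request as $name => $value) {
        if (in_array($name, $globals['import_blocklist'], true)) {
            continue;
        }
        $globals[$name] = $value;
    }
}

// Hardened pattern: the blocklist is a local value that request data cannot
// reach, and it also blocks its own name. Importing only an explicit allowlist
// of expected names would be better still.
function import_hardened(array $request, array &$globals): void
{
    $blocklist = [
        'cfg', 'GLOBALS', '_POST', '_GET', '_COOKIE', '_SERVER',
        '_ENV', '_FILES', '_REQUEST', 'import_blocklist',
    ];
    foreach ($request as $name => $value) {
        if (in_array($name, $blocklist, true)) {
            continue;
        }
        $globals[$name] = $value;
    }
}

// Returns true when the protected 'cfg' variable was overwritten.
function cfg_overwritten(callable $importer, array $request): bool
{
    $globals = [];
    $importer($request, $globals);
    return array_key_exists('cfg', $globals);
}

echo "vulnerable import overwrote cfg: "
    . (cfg_overwritten('import_vulnerable', $request) ? 'yes' : 'no') . PHP_EOL;
echo "hardened import overwrote cfg:   "
    . (cfg_overwritten('import_hardened', $request) ? 'yes' : 'no') . PHP_EOL;
```

Run it with the PHP CLI; the first line reports that the vulnerable loop let 'cfg' through once the blocklist had been replaced, the second that the hardened loop did not. The point to take away is that any guard which is itself stored where untrusted input is written is no guard at all.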

Thanks to Richard for sending the note!



Besides this, iDefense published an advisory about a design error in Dell's TrueMobile 2300 Wireless Broadband Router. By accessing a certain page, it is possible to reach another page that allows an attacker to reset the authentication credentials.
It was reported that the following firmware versions are affected:
* 3.0.0.8, dated 07/24/2003
* 5.1.1.6, dated 1/31/2004

Dell stated that this product is no longer being sold and that it was replaced with newer models which are not affected by this vulnerability, so no patch will be released.
We wonder if you can go and return the device for a new one - let us know if you try to do this.



Finally, PoC exploits for some old vulnerabilities have been released.

The first one is for a two-year-old Oracle 9i vulnerability, the XDB HTTP Authentication Remote Stack Overflow. You can find more information about the vulnerability at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0727.

The second exploit is for the HP OpenView Network Node Manager Remote Command Execution vulnerability. connectedNodes.ovpl, a script that comes with HP OpenView, had inadequate input validation, so an attacker was able to execute arbitrary system-level commands. HP released the patch for this vulnerability on 5 October; their original advisory is available at http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01224.
