July 31, 2014

SourceForge distributes phpMyAdmin with backdoor after mirror hacked

(LiveHacking.Com) – SourceForge has stopped using one of its mirrors in Korea after the popular open source website was alerted to a corrupted copy of phpMyAdmin being served from that site. The 'cdnetworks-kr-1' mirror in Korea was immediately removed from rotation when it was discovered that the mirror had been hacked (via an as yet unknown vector) and had started serving a modified copy of phpMyAdmin-3.5.2.2-all-languages.zip with a built-in backdoor which allowed the execution of arbitrary commands.

According to an advisory posted on the phpMyAdmin website, the backdoor is located in the file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.

SourceForge has examined its logs and has identified around 400 users who downloaded the hacked file. Where possible, SourceForge has sent emails to those users it was able to identify through the logs.

SourceForge is currently conducting additional validation to confirm that only one file was modified on the 'cdnetworks-kr-1' mirror and will post an update once this process is complete. For the moment the mirror remains out of rotation.

Anyone concerned that they may have downloaded a corrupt version of the popular MySQL administration software should check the phpMyAdmin distribution and download it again from a trusted mirror if it contains the file server_sync.php.
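The check described above, as an added example that is not part of the original article or of the phpMyAdmin project: it scans a downloaded distribution zip for the server_sync.php indicator named in the advisory and compares the hash of js/cross_framing_protection.js against a copy obtained from a trusted mirror. The sample archives are constructed in memory and contain placeholders, not real phpMyAdmin files.

```python
import hashlib
import io
import zipfile

# File names come from the phpMyAdmin advisory summarised above
BACKDOOR_FILE = "server_sync.php"
MODIFIED_FILE = "js/cross_framing_protection.js"


def _matches(entry: str, wanted: str) -> bool:
    # Distribution zips carry a top-level folder, so match on the path suffix
    entry = entry.replace("\\", "/")
    return entry == wanted or entry.endswith("/" + wanted)


def inspect_archive(data: bytes) -> dict:
    """Return backdoor entries and the sha256 of the JS file the advisory says was altered."""
    result = {"backdoor_entries": [], "js_sha256": None}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if _matches(info.filename, BACKDOOR_FILE):
                result["backdoor_entries"].append(info.filename)
            elif _matches(info.filename, MODIFIED_FILE):
                result["js_sha256"] = hashlib.sha256(zf.read(info)).hexdigest()
    return result


def is_tampered(suspect: bytes, trusted: bytes) -> bool:
    """Flag the suspect archive if it contains server_sync.php or if its
    cross_framing_protection.js differs from the copy in a trusted archive."""
    s, t = inspect_archive(suspect), inspect_archive(trusted)
    return bool(s["backdoor_entries"]) or s["js_sha256"] != t["js_sha256"]


def build_sample_zip(backdoored: bool) -> bytes:
    """Constructed stand-in archive for offline testing; not a real distribution."""
    top = "phpMyAdmin-3.5.2.2-all-languages/"
    js = "// placeholder\n" + ("// modified\n" if backdoored else "")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(top + "index.php", "<?php // placeholder\n")
        zf.writestr(top + MODIFIED_FILE, js)
        if backdoored:
            zf.writestr(top + BACKDOOR_FILE, "<?php // placeholder, not the real backdoor\n")
    return buf.getvalue()


if __name__ == "__main__":
    clean, bad = build_sample_zip(False), build_sample_zip(True)
    print("clean archive tampered?", is_tampered(clean, clean))
    print("backdoored archive tampered?", is_tampered(bad, clean))
```

To use it on a real download, read both zip files as bytes and pass the suspect download and the copy from a trusted mirror to is_tampered.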


phpMyAdmin Releases Version 3.4.9 to Fix XSS Vulnerabilities

(LiveHacking.Com) – phpMyAdmin’s development team has released version 3.4.9 of this open source database administration tool. This new version fixes two critical cross-site scripting (XSS) vulnerabilities, one in the setup interface and one in the export panels of the server, database and table sections.

All previous 3.4.x versions of phpMyAdmin, up to and including version 3.4.8, are affected. It is highly recommended to upgrade to version 3.4.9 to correct these security issues.

The new fixes are:

  • bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
  • bug #3442004 [interface] DB suggestion not correct for user with underscore
  • bug #3438420 [core] Magic quotes removed in PHP 5.4
  • bug #3398788 [session] No feedback when result is empty (signon auth_type)
  • bug #3384035 [display] Problems regarding ShowTooltipAliasTB
  • bug #3306875 [edit] Can’t rename a database that contains views
  • bug #3452506 [edit] Unable to move tables with triggers
  • bug #3449659 [navi] Fast filter broken with table tree
  • bug #3448485 [GUI] Firefox favicon frameset regression
  • [core] Better compatibility with mysql extension
  • [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
  • [security] Self-XSS in setup (host parameter), see PMASA-2011-19

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

phpMyAdmin 3.4.4 and 3.3.10.4 Fix XSS Vulnerability

(LiveHacking.Com) - Norman Hippert from The-Wildcat.de has discovered a vulnerability in phpMyAdmin, the open source database administration tool. As a result the phpMyAdmin developers have announced the release of versions 3.4.4 and 3.3.10.4. These new versions close the hole, discovered by Norman, in the Tracking feature that can lead to multiple cross-site scripting (XSS) vulnerabilities.

The vulnerability exists due to improper sanitisation of input passed as table, column and index names. Although an attacker must be logged into phpMyAdmin to exploit this vulnerability, the development team “consider this vulnerability to be serious.”

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Further information about the updates can be found in the 3.4.4 and 3.3.10.4 release announcements and in the project’s security advisories.

PhpMyAdmin Project Releases Security Update

(LiveHacking.Com) – The phpMyAdmin team has released versions 3.4.3.2 and 3.3.10.3 of the phpMyAdmin open source database administration tool.

The new versions patch a total of four security holes in phpMyAdmin. According to the phpMyAdmin project website, the security releases address two “critical” vulnerabilities that could lead to possible session manipulation in swekey authentication or to remote code execution. Further, a critical bug that could allow an intruder to perform a local file inclusion has been fixed in this version.

All users are advised to update to the latest versions. The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

phpMyAdmin 3.3.10.2 and 3.4.3.1 Released – Multiple Vulnerabilities Fixed

The phpMyAdmin development team has released versions 3.3.10.2 and 3.4.3.1 of their database administration tool.

These updates fix four critical security vulnerabilities, including a session manipulation bug in Swekey authentication, a possible code injection issue in the setup script and a regular expression quoting problem in the Synchronize code. According to the project website, these security issues could lead to code injection and execution of arbitrary code.

Further, a directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code has also been fixed in these versions.

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

Cross-Site Scripting (XSS) Vulnerability in phpMyAdmin

phpMyAdmin is prone to a cross-site scripting vulnerability due to insufficient user-supplied data sanitization.

According to the vulnerability disclosure, an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The attacker must entice an unsuspecting user to follow a malicious URI. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

All versions prior to phpMyAdmin 3.3.8.1 and 2.11.11.1 are vulnerable. Updates are available to fix this issue.

phpMyAdmin Vulnerability and Brute Force SSH Attacks


There are one or multiple large botnets that are actively exploiting a vulnerability in phpMyAdmin. This exploit in older versions (below 3.2.4) of the package allows remote code execution on the server.

According to malwarecity, these botnets have been using this exploit to upload a bot named “dd_ssh” which can be executed at root level. This bot then conducts brute force SSH attacks on random IP addresses specified by the bot herder.

Many people who have been attacked have logs showing a flood of HTTP requests from IPs in Asia and Eastern Europe that query the version of phpMyAdmin. Upon successful exploitation the attacker drops the malicious files in /tmp/vm.c and /tmp/dd_ssh, and then starts the dd_ssh service.

Read more here at malwarecity.com.

Source: [Malwarecity]