phpMyAdmin - Security - PMASA-2012-5

PMASA-2015-3
PMASA-2015-2
PMASA-2015-1
PMASA-2014-18
PMASA-2014-17
PMASA-2014-16
PMASA-2014-15
PMASA-2014-14
PMASA-2014-13
PMASA-2014-12
PMASA-2014-11
PMASA-2014-10
PMASA-2014-9
PMASA-2014-8
PMASA-2014-7
PMASA-2014-6
PMASA-2014-5
PMASA-2014-4
PMASA-2014-3
PMASA-2014-2
PMASA-2014-1
PMASA-2013-15
PMASA-2013-14
PMASA-2013-13
PMASA-2013-12
PMASA-2013-11
PMASA-2013-10
PMASA-2013-9
PMASA-2013-8
PMASA-2013-7
PMASA-2013-6
PMASA-2013-5
PMASA-2013-4
PMASA-2013-3
PMASA-2013-2
PMASA-2013-1
PMASA-2012-7
PMASA-2012-6
PMASA-2012-5
PMASA-2012-4
PMASA-2012-3
PMASA-2012-2
PMASA-2012-1
PMASA-2011-20
PMASA-2011-19
PMASA-2011-18
PMASA-2011-17
PMASA-2011-16
PMASA-2011-15
PMASA-2011-14
PMASA-2011-13
PMASA-2011-12
PMASA-2011-11
PMASA-2011-10
PMASA-2011-9
PMASA-2011-8
PMASA-2011-7
PMASA-2011-6
PMASA-2011-5
PMASA-2011-4
PMASA-2011-3
PMASA-2011-2
PMASA-2011-1
PMASA-2010-10
PMASA-2010-9
PMASA-2010-8
PMASA-2010-7
PMASA-2010-6
PMASA-2010-5
PMASA-2010-4
PMASA-2010-3
PMASA-2010-2
PMASA-2010-1
PMASA-2009-6
PMASA-2009-5
PMASA-2009-4
PMASA-2009-3
PMASA-2009-2
PMASA-2009-1
PMASA-2008-10
PMASA-2008-9
PMASA-2008-8
PMASA-2008-7
PMASA-2008-6
PMASA-2008-5
PMASA-2008-4
PMASA-2008-3
PMASA-2008-2
PMASA-2008-1
PMASA-2007-8
PMASA-2007-7
PMASA-2007-6
PMASA-2007-5
PMASA-2007-4
PMASA-2007-3
PMASA-2007-2
PMASA-2007-1
PMASA-2006-9
PMASA-2006-8
PMASA-2006-7
PMASA-2006-6
PMASA-2006-5
PMASA-2006-4
PMASA-2006-3
PMASA-2006-2
PMASA-2006-1
PMASA-2005-9
PMASA-2005-8
PMASA-2005-7
PMASA-2005-6
PMASA-2005-5
PMASA-2005-4
PMASA-2005-3
PMASA-2005-2
PMASA-2005-1
PMASA-2004-4
PMASA-2004-3
PMASA-2004-2
PMASA-2004-1
PMASA-2003-1

PMASA-2012-5

Announcement-ID: PMASA-2012-5

Date: 2012-09-25

Updated: 2012-09-26

Summary

One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.

Description

One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.

Severity

We consider this vulnerability to be critical.

Affected Versions

We currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected, check if your download contains a file named server_sync.php.

Solution

Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.

References

Thanks to Tencent Security Response Center for letting us know about this issue. You can also find additional details in SourceForge blog.

Assigned CVE ids: CVE-2012-5159

CWE ids: CWE-661 CWE-95

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.