发布时间 :2005-07-13 00:00:00
修订时间 :2008-09-05 16:51:17

[原文]Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

[CNNVD]phpPgAdmin 目录遍历漏洞(CNNVD-200507-170)

        phpPgAdmin 3.1至3.5.3版本中存在目录遍历漏洞。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  14142
(UNKNOWN)  MLIST  [Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!

- 漏洞信息

phpPgAdmin 目录遍历漏洞
中危 路径遍历
2005-07-13 00:00:00 2005-10-20 00:00:00
        phpPgAdmin 3.1至3.5.3版本中存在目录遍历漏洞。

- 公告与补丁


- 漏洞信息 (F38759)

Debian Linux Security Advisory 759-1 (PacketStormID:F38759)
2005-07-19 00:00:00

Debian Security Advisory DSA 759-1 - A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that magic_quotes_gpc is disabled.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 759-1                                        Martin Schulze
July 18th, 2005               
- --------------------------------------------------------------------------

Package        : phppgadmin
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2256
BugTraq ID     : 14142

A vulnerability has been discovered in phppgadmin, a set of PHP
scripts to administrate PostgreSQL over the WWW, that can lead to
disclose sensitive information.  Successful exploitation requires that
"magic_quotes_gpc" is disabled.

the old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 3.5.2-5.

For the unstable distribution (sid) this problem has been fixed in
version 3.5.4.

We recommend that you upgrade your phppgadmin package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      584 46f4509ee768781e441286d125afe0f5
      Size/MD5 checksum:    10063 8f1d0323ae84979c21a409334c6e70db
      Size/MD5 checksum:   612995 9978c0a723a9e4572f2264478c0ba193

  Architecture independent components:
      Size/MD5 checksum:   601022 b9e4117adf7ef565e6884fbde4daaf9f

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.1 (GNU/Linux)



- 漏洞信息

phpPgAdmin index.php formLanguage Parameter Local File Inclusion
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity Upgrade
Exploit Public Vendor Verified

- 漏洞描述

phpPgAdmin contains a flaw that allows a remote attacker to include files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the formLanguage variable.

- 时间线

2005-07-04 Unknow
2005-07-04 Unknow

- 解决方案

Upgrade to version 3.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PHPPGAdmin Login Form Directory Traversal Vulnerability
Input Validation Error 14142
Yes No
2005-07-05 12:00:00 2009-07-12 04:06:00
Discovery is credited to <>.

- 受影响的程序版本

phpPgAdmin phpPgAdmin 3.5.3
phpPgAdmin phpPgAdmin 3.5.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
phpPgAdmin phpPgAdmin 3.4.1
phpPgAdmin phpPgAdmin 3.4
phpPgAdmin phpPgAdmin 3.3
phpPgAdmin phpPgAdmin 3.2
phpPgAdmin phpPgAdmin 3.1

- 漏洞讨论

phpPgAdmin is prone to a directory traversal vulnerability. The application fails to filter directory traversal sequences from requests to the login form.

All versions of phpPgAdmin are considered to be vulnerable at the moment.

- 漏洞利用

An exploit is not required.

The following proof of concept is available:

- 解决方案

Debian has released advisory DSA 759-1 to address this issue. Please see the referenced advisory for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考