CVE-2005-2256
CVSS 5.0
Published: 2005-07-13 00:00:00
Last revised: 2008-09-05 16:51:17

[Original] Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.


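[CNNVD] phpPgAdmin directory traversal vulnerability (CNNVD-200507-170)

        phpPgAdmin is a free, PHP-based software package that provides a graphical interface for PostgreSQL database administration.
        A directory traversal vulnerability exists in phpPgAdmin versions 3.1 through 3.5.3.
        A remote attacker can exploit this vulnerability to access arbitrary files on the server by using "%2e%2e%2f" sequences in the formLanguage parameter.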

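- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]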

- CPE (affected platforms and products)

cpe:/a:phppgadmin:phppgadmin:3.3
cpe:/a:phppgadmin:phppgadmin:3.4.1
cpe:/a:phppgadmin:phppgadmin:3.4
cpe:/a:phppgadmin:phppgadmin:3.1
cpe:/a:phppgadmin:phppgadmin:3.5.3
cpe:/a:phppgadmin:phppgadmin:3.2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2256
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2256
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-170
(Official data source) CNNVD

- Other links and resources

http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html
(VENDOR_ADVISORY)  MISC  http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html
http://www.securityfocus.com/bid/14142
(UNKNOWN)  BID  14142
http://securitytracker.com/id?1014414
(UNKNOWN)  SECTRACK  1014414
http://secunia.com/advisories/15941
(VENDOR_ADVISORY)  SECUNIA  15941
http://www.debian.org/security/2005/dsa-759
(UNKNOWN)  DEBIAN  DSA-759
http://sourceforge.net/project/shownotes.php?release_id=342261
(UNKNOWN)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=342261
http://secunia.com/advisories/16116
(UNKNOWN)  SECUNIA  16116
http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html
(UNKNOWN)  MLIST  [Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!

- Vulnerability information

phpPgAdmin directory traversal vulnerability
Medium severity  Path traversal
2005-07-13 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://sourceforge.net/projects/phppgadmin/files/

- Vulnerability information (F38759)

Debian Linux Security Advisory 759-1 (PacketStormID:F38759)
2005-07-19 00:00:00
Debian  security.debian.org
advisory,php
linux,debian
CVE-2005-2256

Debian Security Advisory DSA 759-1 - A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to the disclosure of sensitive information. Successful exploitation requires that magic_quotes_gpc is disabled.

--------------------------------------------------------------------------
Debian Security Advisory DSA 759-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 18th, 2005                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : phppgadmin
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2256
BugTraq ID     : 14142

A vulnerability has been discovered in phppgadmin, a set of PHP
scripts to administrate PostgreSQL over the WWW, that can lead to
the disclosure of sensitive information.  Successful exploitation
requires that "magic_quotes_gpc" is disabled.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 3.5.2-5.

For the unstable distribution (sid) this problem has been fixed in
version 3.5.4.

We recommend that you upgrade your phppgadmin package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.dsc
      Size/MD5 checksum:      584 46f4509ee768781e441286d125afe0f5
    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.diff.gz
      Size/MD5 checksum:    10063 8f1d0323ae84979c21a409334c6e70db
    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2.orig.tar.gz
      Size/MD5 checksum:   612995 9978c0a723a9e4572f2264478c0ba193

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5_all.deb
      Size/MD5 checksum:   601022 b9e4117adf7ef565e6884fbde4daaf9f


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information

17758
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity Upgrade
Exploit Public Vendor Verified

- Vulnerability description

phpPgAdmin contains a flaw that allows a remote attacker to include files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the formLanguage variable.

- Timeline

2005-07-04 Unknown
2005-07-04 Unknown

- Solution

Upgrade to version 3.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

PHPPGAdmin Login Form Directory Traversal Vulnerability
Input Validation Error 14142
Yes No
2005-07-05 12:00:00 2009-07-12 04:06:00
Discovery is credited to <rznvynqqe@hushmail.com>.

- Affected software versions

phpPgAdmin phpPgAdmin 3.5.3
phpPgAdmin phpPgAdmin 3.5.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
phpPgAdmin phpPgAdmin 3.4.1
phpPgAdmin phpPgAdmin 3.4
phpPgAdmin phpPgAdmin 3.3
phpPgAdmin phpPgAdmin 3.2
phpPgAdmin phpPgAdmin 3.1

- Vulnerability discussion

phpPgAdmin is prone to a directory traversal vulnerability. The application fails to filter directory traversal sequences from requests to the login form.

All versions of phpPgAdmin are considered to be vulnerable at the moment.

- Exploit

An exploit is not required.

The following proof of concept is available:
formUsername=username&formPassword=password&formServer=0&formLanguage=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd%00&submitLogin=Login

- Solution

Debian has released advisory DSA 759-1 to address this issue. Please see the referenced advisory for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
