According to the CVE-2004-2630[1] and the advisory from the phpMyAdmin
team[2] only phpMyAdmin versions 2.5.0 to 2.6.0-pl1 have the command
execution vulnerability described by phpMyAdmin_remote_cmd.nasl (script
id 15748). Bugtraq says different[3].
If that's the case, the version pattern can be changed from:
(2\.[0-5]\..*|2\.6\.0$|2\.6\.0-pl1)
to:
(2\.5\..*|2\.6\.0$|2\.6\.0-pl1)
(patch attached)
[1]: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2630
[2]: http://www.phpmyadmin.net/home_page/security/PMASA-2004-2.php
[3]: http://www.securityfocus.com/bid/11391/
Regards
--
Simon Ward
Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
team[2] only phpMyAdmin versions 2.5.0 to 2.6.0-pl1 have the command
execution vulnerability described by phpMyAdmin_remote_cmd.nasl (script
id 15748). Bugtraq says different[3].
If that's the case, the version pattern can be changed from:
(2\.[0-5]\..*|2\.6\.0$|2\.6\.0-pl1)
to:
(2\.5\..*|2\.6\.0$|2\.6\.0-pl1)
(patch attached)
[1]: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2630
[2]: http://www.phpmyadmin.net/home_page/security/PMASA-2004-2.php
[3]: http://www.securityfocus.com/bid/11391/
Regards
--
Simon Ward
Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
Attached Files:
-
phpMyAdmin_remote_cmd-2.5.patch (0.39 KB)