CVE-2011-2719 Information

Description

libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://osvdb.org/74112
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
http://seclists.org/fulldisclosure/2011/Jul/300
http://secunia.com/advisories/45315
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://securityreason.com/securityalert/8322
http://www.debian.org/security/2011/dsa-2286
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.securityfocus.com/archive/1/518967/100/0/threaded
http://www.securityfocus.com/archive/1/519155/100/0/threaded
http://www.securityfocus.com/bid/48874
http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
https://bugzilla.redhat.com/show_bug.cgi?id=725384
https://exchange.xforce.ibmcloud.com/vulnerabilities/68769
