The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

phpMyAdmin-2.6.0-pl2 is released

Discussion in 'Database Discussions' started by trparky, Oct 13, 2004.

  1. trparky

    trparky Well-Known Member

    Joined:
    Apr 23, 2003
    Messages:
    184
    Likes Received:
    1
    Trophy Points:
    0
    This is patch level 2 of phpMyAdmin 2.6.0, containing a security fix and a few other fixes (see ChangeLog).

    Security fix: If PHP is not running in safe mode, a problem in the MIME-based transformation system (with an "external" transformation) allows to execute any command with the privileges of the web server's user.
     
  2. trparky

    trparky Well-Known Member

    Joined:
    Apr 23, 2003
    Messages:
    184
    Likes Received:
    1
    Trophy Points:
    0
    Hey CPanel, when are you going to send an update out for this?
     
  3. TCHMike

    TCHMike Registered
    PartnerNOC

    Joined:
    Aug 24, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Texas
    I'm wondering the same thing, I've had several customers ask me already this morning.
     
  4. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    you know getting the attention of cpanel through the forums is not the way.

    Either use bugzilla to report the issue and label it as URGENT and PRIORITY1

    Or email the issue to security@cpanel.net (only if urgent)

    Only then will they know about it..

    The staff dont check these forums every day.

    I have created a bug report check it out here.

    http://bugzilla.cpanel.net/show_bug.cgi?id=1414

    Sheldon
     
  5. Rubas

    Rubas Well-Known Member

    Joined:
    Sep 15, 2003
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
  6. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    interesting... ill talk to Billy and see whats up.

    Sheldon
     
  7. cPanelBilly

    cPanelBilly Guest

    This was received by the security team, however this does not warrent an immediate update. The vulnerability allows users to execute commands as the user "nobody" in cPanel which has no access privlages. It is the same as someone passing system commands in perl.
    While this will be updated we will wait and make sure all the bugs in it are worked out first.
     
  8. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    there ya go.. an official response :)

    dont say I didnt help you all out :P

    LOL
     
  9. Rubas

    Rubas Well-Known Member

    Joined:
    Sep 15, 2003
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
    Okay, I thought the phpmyadmin run under the user "cpanel".
     
Loading...

Share This Page