Bug#534618: /var/lib/phpmyadmin/config.inc.php gets broken

Thu, 25 Jun 2009 13:05:16 -0700 

Package: phpmyadmin
Version: 4:2.11.8.1-5
Severity: normal

Hi,

I've no idea how the phpinfo() ended up in this file, but I've seen it on 
multiple servers. Could this be a vulnerability in phpMyAdmin?
Or some bug in the Debian package?

Olaf

/var/lib/phpmyadmin/config.inc.php:
<?php
/*
 * Generated configuration file
 * Generated by: phpMyAdmin 2.11.8.1deb5 setup script by Michal Cihar 
<[email protected]>
 * Version: $Id: setup.php 11423 2008-07-24 17:26:05Z lem9 $
 * Date: Sat, 13 Jun 2009 15:48:01 GMT
 */

/* Servers configuration */
$i = 0;

/* Server  (config:root) [1] */
$i++;
$cfg['Servers'][$i]['host']=''; phpinfo();//'] = 'localhost';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';

/* End of servers configuration */

?>

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages phpmyadmin depends on:
ii  debconf [debconf-2 1.5.24                Debian configuration management sy
ii  perl               5.10.0-19             Larry Wall's Practical Extraction 
ii  php5-cgi           5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripti
ii  php5-mcrypt        5.2.6.dfsg.1-1+lenny3 MCrypt module for php5
ii  php5-mysql         5.2.6.dfsg.1-1+lenny3 MySQL module for php5

Versions of packages phpmyadmin recommends:
ii  lighttpd [httpd]   1.4.19-5              A fast webserver with minimal memo
ii  php5-gd            5.2.6.dfsg.1-1+lenny3 GD module for php5

Versions of packages phpmyadmin suggests:
ii  mysql-server           5.0.51a-24+lenny1 MySQL database server (metapackage
ii  mysql-server-5.0 [mysq 5.0.51a-24+lenny1 MySQL database server binaries

-- debconf information:
  phpmyadmin/setup-username: admin
* phpmyadmin/reconfigure-webserver:



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to