On Thursday 25 June 2009, Olaf van der Spek wrote:
> I've no idea how the phpinfo() ended up in this file, but I've seen it on
> multiple servers. Could this be a vulnerability in phpMyAdmin? Or some bug
> in the Debian package?

Hi Olaf,

As it seems this is the result of a phpMyAdmin worm that was released recently:
http://isc.sans.org/diary.html?storyid=6619

It uses a vulnerability in the setup.php script. We did not patch that vulnerability earlier because in Debian, the setup.php script is supposed to be protected by a htaccess-type setup. Still it seems that some installations in one way or the other have an exposed setup.php. We will be releasing updated packages as soon as possible to also protect this group.

cheers,
Thijs

