Possible compromised version of phpMyAdmin has been distributed from sourceforge mirrors

If you are running phpMyAdmin, and have recently performed an update, you might have a compromised version.  In short, any version that was downloaded from the SourceForge Mirror site – cdnetworks-kr-1 and contains file – server_sync.php. probably contains a backdoor. As this vulnerability is classified as EXTREMELY CRITICAL, I would suggest you verify that no such file exists in your installed version.

http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

Solution

Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.

http://secunia.com/advisories/50703/

Secunia Advisory SA50703

phpMyAdmin Compromised Source Package Backdoor Security Issue

Secunia Advisory               SA50703

Release Date      2012-09-25

Criticality level Extremely critical

Description

A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system.

 

The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.

 

The compromised source file was distributed via the “cdnetworks-kr-1″ SourceForge mirror with the phpMyAdmin-3.5.2.2-all-languages.zip download.

 

Solution

Download and reinstall phpMyAdmin.

Provided and/or discovered by

The vendor credits Tencent Security Response Center.

 

Original Advisory

http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

 

 

Tags:

Categories: Uncategorized