Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120925150706.GA30534@suse.de>
Date: Tue, 25 Sep 2012 17:07:07 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
	Mitre CVE assign department <cve-assign@...re.org>
Subject: Re: CVE Request - phpMyAdmin: PMASA-2012-5 incident

On Tue, Sep 25, 2012 at 10:52:20AM -0400, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
>   based on:
>   [1] http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
>   [2] http://secunia.com/advisories/50703/
> 
> looks (more from [1]): "One server from the SourceForge.net mirror
> system was distributing a phpMyAdmin kit containing a backdoor,
> allowing remotely to execute arbitrary PHP code."
> 
> Could you allocate a CVE id for this? (I think it's appropriate)

FWIW, it is possible that this mirror has distributed more backdoored
software and not just phpMyAdmin.

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.