Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

phpliteadmin: CVE-2018-10362: Authorization bypass

Related Vulnerabilities: CVE-2018-10362  

Source

Debian Bug report logs - #896682
phpliteadmin: CVE-2018-10362: Authorization bypass

version graph

Package: src:phpliteadmin; Maintainer for src:phpliteadmin is Nicholas Guriev <guriev-ns@ya.ru>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 23 Apr 2018 14:09:02 UTC

Severity: grave

Tags: security, upstream

Found in version phpliteadmin/1.9.7.1-1

Fixed in version phpliteadmin/1.9.7.1-2

Done: Nicholas Guriev <guriev-ns@ya.ru>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/phpLiteAdmin/pla/issues/11

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Nicholas Guriev <guriev-ns@ya.ru>:
Bug#896682; Package src:phpliteadmin. (Mon, 23 Apr 2018 14:09:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Nicholas Guriev <guriev-ns@ya.ru>. (Mon, 23 Apr 2018 14:09:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: phpliteadmin: Authorization bypass in Authorization.php
Date: Mon, 23 Apr 2018 16:07:18 +0200
Source: phpliteadmin
Version: 1.9.7.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/phpLiteAdmin/pla/issues/11

See https://github.com/phpLiteAdmin/pla/issues/11 and
http://www.openwall.com/lists/oss-security/2018/04/23/1 for details. A
CVE will be requested by the reporter.

Regards,
Salvatore

Changed Bug title to 'phpliteadmin: CVE-2018-10362: Authorization bypass' from 'phpliteadmin: Authorization bypass in Authorization.php'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 25 Apr 2018 06:33:02 GMT) (full text, mbox, link).

Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#896682. (Thu, 17 May 2018 06:33:03 GMT) (full text, mbox, link).

Message #10 received at 896682-submitter@bugs.debian.org (full text, mbox, reply):

From: guriev-ns@ya.ru
To: 896682-submitter@bugs.debian.org
Subject: Bug #896682 in phpliteadmin marked as pending
Date: Thu, 17 May 2018 06:29:14 +0000
Control: tag -1 pending

Hello,

Bug #896682 in phpliteadmin reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/mymedia-guest/phpliteadmin/commit/24dca3e926b01d5e7f05073016f73fbc39bc302b

------------------------------------------------------------------------
Add Fix-authentication-bypass.patch

Closes: #896682

------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/896682

Added tag(s) pending. Request was from guriev-ns@ya.ru to 896682-submitter@bugs.debian.org. (Thu, 17 May 2018 06:33:03 GMT) (full text, mbox, link).

Reply sent to Nicholas Guriev <guriev-ns@ya.ru>:
You have taken responsibility. (Thu, 24 May 2018 22:24:10 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 24 May 2018 22:24:10 GMT) (full text, mbox, link).

Message #17 received at 896682-close@bugs.debian.org (full text, mbox, reply):

From: Nicholas Guriev <guriev-ns@ya.ru>
To: 896682-close@bugs.debian.org
Subject: Bug#896682: fixed in phpliteadmin 1.9.7.1-2
Date: Thu, 24 May 2018 22:20:39 +0000
Source: phpliteadmin
Source-Version: 1.9.7.1-2

We believe that the bug you reported is fixed in the latest version of
phpliteadmin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 896682@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas Guriev <guriev-ns@ya.ru> (supplier of updated phpliteadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 May 2018 20:25:20 +0300
Source: phpliteadmin
Binary: phpliteadmin phpliteadmin-themes
Architecture: source
Version: 1.9.7.1-2
Distribution: unstable
Urgency: medium
Maintainer: Nicholas Guriev <guriev-ns@ya.ru>
Changed-By: Nicholas Guriev <guriev-ns@ya.ru>
Description:
 phpliteadmin - web-based SQLite database admin tool
 phpliteadmin-themes - web-based SQLite database admin tool - themes
Closes: 896682
Changes:
 phpliteadmin (1.9.7.1-2) unstable; urgency=medium
 .
   * Fix CVE-2018-10362 by Fix-authentication-bypass.patch (closes: #896682)
   * Remove explicit dependence on php7.0 in Apache configuration file
   * Migrate package repository to salsa.debian.org
   * Bump debhelper and standards version, no changes for this
Checksums-Sha1:
 6d68d4c2b8c9ba6d387f61b0fffb2e4b12ab7b7d 1665 phpliteadmin_1.9.7.1-2.dsc
 140cc0a419f26cfe0bdc47cc4f362c6c2704d731 6152 phpliteadmin_1.9.7.1-2.debian.tar.xz
 4e99f40229743286c50cb9c84f4cdf39ed97dfdb 6690 phpliteadmin_1.9.7.1-2_source.buildinfo
Checksums-Sha256:
 2ea0f40586df07b49a7fd9e0e802f280f7b84421bab555c4d585f31c91eddfe6 1665 phpliteadmin_1.9.7.1-2.dsc
 c00344dc980968b593c5e8eba8d72fa1969e436b4a53d62007c1ea82291ed632 6152 phpliteadmin_1.9.7.1-2.debian.tar.xz
 0613290105bd4a76295093d89380e28b9a4827783415c16365024077afb7ea0c 6690 phpliteadmin_1.9.7.1-2_source.buildinfo
Files:
 3206cf086a811ec2b62f4560e1f2c2e2 1665 web optional phpliteadmin_1.9.7.1-2.dsc
 6041eb7947b2f3b1876ab483d1e44b2c 6152 web optional phpliteadmin_1.9.7.1-2.debian.tar.xz
 85290eba42fe70df0204f4624754c5de 6690 web optional phpliteadmin_1.9.7.1-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFCBAEBCAAsFiEEBLWdkN98wqvNSbrqyofp6CqsM/EFAlsHNbgOHGdxQGRlYmlh
bi5vcmcACgkQyofp6CqsM/FprAf/cTFpAP4PRM4RYhVj6zeRg9f6nBf7S4bf0xLA
+uGwPWlmlNPpLDIp8qjxEvlwHlRBuqvLq503qQT/jawMcbeMtdETHn/R9dD9jPyl
fXdJ+xBvC4yoQ1B1xWRKE5KiScSjKcVYOKcPmjrY0FM7QW9YWKTQ3beq/PFV/9BH
fIFUoWtsmoHPWSOKwYYuKY3yKWH0fJxsxf/fw1ONAvo5PyCIcN175HZ/eOmGqY3q
QsOjWUdzHVI/G8xLmV7QCuqGL7jLctry6cQuhCzenRb7zhnmWMpEL3hVhtmNRaRJ
8Zci0g7FfpHnRfIHlriy01tVaHsGA7ec19uAiiVZMpaEZoZrdA==
=5YHA
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2018 07:34:51 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:31:55 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started