Hello, I have been looking into PMASA-2016-60 for phpmyadmin, and nothing seems to be certain.

* There do appear to be security issues with old versions of PHP with certain functions when passing strings with embedded nulls. http://www.madirish.net/401
* However, as far as I can tell, php in wheezy is not vulnerable.
* Furthermore, these vulnerabilities are supposed to apply when processing the username. I am having trouble trying to visualize how an embedded null in the username could result in bypassing access control lists. Or how a username with an embedded null could get authenticated even.
* Looking at the code I don't see any of the vulnerable functions touching username.
* The fix looks easy; however I don't like to apply the fix unless I can say for certain that it does something useful. Which means I need an exploit. I can't find enough details for this.

Any ideas?

Ok, so I have had one more idea since typing this out. Possibly the problem is that the user is connecting as something like "root\0fudge". This results in the user connecting to mysql as "root" - assuming the mysql functions have this vulnerability - but we think the user is connecting as "root\0fudge" so we don't apply the rules for "root".

Out of time now, will need to consider this more.

--
Brian May <b...@debian.org>
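
The mismatch hypothesised at the end of the message above, as an added sketch that is not part of the original message and is not phpMyAdmin's code. The deny list, the function names and the C-string truncation model are all assumptions made for illustration; whether the mysql functions actually truncate at a null is exactly what the message leaves open.

```php
<?php
// Added illustration; all names here are hypothetical, not phpMyAdmin's API.

// Hypothetical deny list, standing in for "the rules for root".
const DENIED_USERS = ['root'];

// PHP strings are binary-safe, so "root\0fudge" does not compare equal to "root"
// and a plain comparison lets the name through.
function isDeniedNaive(string $user): bool
{
    return in_array($user, DENIED_USERS, true);
}

// Models a consumer that treats the name as a C string and stops at the first NUL.
// Assumption taken from the message: not established behaviour of any mysql function.
function asCString(string $user): string
{
    $nul = strpos($user, "\0");
    return $nul === false ? $user : substr($user, 0, $nul);
}

// Hardened check: refuse any name containing a NUL before consulting the rules,
// so the name that is checked is the same name every later consumer will see.
function isDeniedHardened(string $user): bool
{
    if (strpos($user, "\0") !== false) {
        return true;
    }
    return in_array($user, DENIED_USERS, true);
}

// Constructed sample inputs.
foreach (["root", "alice", "root\0fudge"] as $user) {
    printf(
        "%-14s backend sees %-6s naive=%s hardened=%s\n",
        addcslashes($user, "\0"),   // show the NUL as \000
        asCString($user),
        isDeniedNaive($user) ? 'deny' : 'allow',
        isDeniedHardened($user) ? 'deny' : 'allow'
    );
}
```

If the truncation assumption holds, the third input is the only one where the naive check and the backend disagree about who is logging in, which gives a concrete condition to test a candidate fix against.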