Upgrade PHPMyAdmin on Ubuntu

Taylor


Sometimes issues jump at you from a completely unexpected place. One moment you’re basking in a peculiarly sunny March day, and the next you’re puzzling over why people choose a specific Linux distro, or why script kiddies insist on trying to break in where they shouldn’t…

Looking through a client’s Apache logs the other day I discovered the following:
[cc]
“POST /phpmyadmin/index.php?session_to_unset=123&token=ffed9f1ea288ce53b760974d55b321c4&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A42%3A%22%2Ftmp%2Fsess%5F5pth2fvne9i08fsm0gisce3npt3bid37%22%3B%7D%7D&_SESSION[payload]=%3C%3Fphp%20eval%28base64%5Fdecode%28%22ZWNobyAic3Q0cjciLnBocF91bmFtZSgpLiI3aDMzbmQiOw%3D%3D%22%29%29%3B%20%3F%3E HTTP/1.1″ 200
“GET /phpmyadmin/index.php?token=ffed9f1ea288ce53b760974d55b321c4 HTTP/1.1″ 200
“POST /phpmyadmin/index.php?session_to_unset=123&token=ffed9f1ea288ce53b760974d55b321c4&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A46%3A%22%2Fvar%2Ftmp%2Fsess%5F5pth2fvne9i08fsm0gisce3npt3bid37%22%3B%7D%7D&_SESSION[payload]=%3C%3Fphp%20eval%28base64%5Fdecode%28%22ZWNobyAic3Q0cjciLnBocF91bmFtZSgpLiI3aDMzbmQiOw%3D%3D%22%29%29%3B%20%3F%3E HTTP/1.1″ 200
“GET /phpmyadmin/index.php?token=ffed9f1ea288ce53b760974d55b321c4 HTTP/1.1″ 200
“POST /phpmyadmin/index.php?session_to_unset=123&token=ffed9f1ea288ce53b760974d55b321c4&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A50%3A%22%2Fvar%2Flib%2Fphp%2Fsess%5F5pth2fvne9i08fsm0gisce3npt3bid37%22%3B%7D%7D&_SESSION[payload]=%3C%3Fphp%20eval%28base64%5Fdecode%28%22ZWNobyAic3Q0cjciLnBocF91bmFtZSgpLiI3aDMzbmQiOw%3D%3D%22%29%29%3B%20%3F%3E HTTP/1.1″ 200
[/cc]

This was coming from an IP of a server in the Netherlands and is clearly an attack, as described here. The question was – what do you do about it?

The first thing to do was to try and see if the attack succeeded. System logs had no traces of any strange code running on the server. This by itself does not mean nothing happened, but it’s good to know.
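An added example (not from the original post): a small Python filter that sweeps an access log for the request shape shown in the excerpt above, that is, phpMyAdmin URLs carrying `_SESSION[...]` query parameters, and groups the hits by client address with their status codes. It assumes the standard Apache common/combined log layout; the sample lines, addresses, timestamps and token are constructed.

```python
import re
import sys
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed Apache common/combined layout: client, identity, user, [time], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def session_params(target):
    """Names of query parameters that address $_SESSION from the URL."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so _SESSION%5Bx%5D and _SESSION[x] both match
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if name.startswith("_SESSION")]

def scan(lines, path_hint="phpmyadmin"):
    """Return {client_ip: [(timestamp, method, status, param_names), ...]}."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        if path_hint not in urlsplit(m["target"]).path.lower():
            continue  # request is not aimed at the phpMyAdmin path
        names = session_params(m["target"])
        if names:
            findings[m["ip"]].append((m["ts"], m["method"], int(m["status"]), names))
    return dict(findings)

# Constructed sample lines: documentation IPs, placeholder token, inert values.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2012:10:01:02 +0000] "POST /phpmyadmin/index.php?session_to_unset=123&token=PLACEHOLDER&_SESSION[x]=constructed HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2012:10:01:03 +0000] "GET /phpmyadmin/index.php?token=PLACEHOLDER HTTP/1.1" 200 2048',
    '203.0.113.7 - - [12/Mar/2012:10:01:04 +0000] "POST /phpmyadmin/index.php?session_to_unset=123&_SESSION%5Bpayload%5D=constructed HTTP/1.1" 404 128',
    '192.0.2.10 - - [12/Mar/2012:10:05:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    # Pass a log file path as the first argument, or run without one to use SAMPLE.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for ip, hits in scan(source).items():
        print(ip, len(hits), "flagged request(s)")
        for ts, method, status, names in hits:
            print("   ", ts, method, status, ", ".join(names))
```

A 200 on a flagged request only shows that the server answered it, so the output is a list of requests to investigate, not proof of compromise.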

The second thing was to change MySQL root password – just for good measure.

And now for the patching game, which isn’t that straightforward on Ubuntu.
[cc]apt-cache policy phpmyadmin[/cc] shows that the installed phpmyadmin version is 3.3.7.
Ubuntu is well known for being “a few versions behind the curve”. This means that the official repositories, which phpmyadmin was installed from, only held version 3.3.7 – which is vulnerable to this type of attack.
[cc]sudo apt-get install phpmyadmin[/cc] shows that phpmyadmin is at the latest available version, which, well – isn’t good enough.
It is time to find a PPA, then.

Well, luckily – Michal Cihar over at Zope’s largest site has a PPA (Personal Package Archive) just for this.
Following the instructions on Michal’s website, you can add the PPA to your installation (the following steps are for Ubuntu 10.04 Lucid and up).

  1. To add the PPA to your system:
    [cc]
    sudo add-apt-repository ppa:nijel/phpmyadmin
    [/cc]
  2. Update the apt package lists to read the PPA:
    [cc]sudo apt-get update[/cc]
  3. Upgrade phpmyadmin:
    [cc]sudo apt-get install phpmyadmin[/cc]
    This command will find the latest version from the PPA (which is 3.4.10 at the time of writing) and install it.

At the end – you can verify that this worked by issuing
[cc]apt-cache policy phpmyadmin[/cc] again, and verifying the installed phpmyadmin version.

PhpMyAdmin updated


4 thoughts on “Upgrade PHPMyAdmin on Ubuntu”

  1. Pingback: Upgrade phpmyadmin di Ubuntu | Catatan PHPBego

  2. Ahmed Gamal

    thanks for the post but nijel ppa doesn’t seem to be updated frequently!
    the current version is 3.5.2.2 but the one on the ppa is 3.4.11.1
    anyone knows a better ppa?

  3. Florin

    Thanks. Had conflicts with mysqlnd for the std ubuntu version in 12.04. This repo fixed it ;)
