OSVDB ID: 28233

Title: Zend Platform ZendSession Manager Directory Traversal PHP Session Hijack

Dates

Disclosure: Aug 24, 2006
Discovery: Aug 21, 2006
Exploit: Unknown
Solution: Unknown

Description

Zend Platform contains a flaw that may allow a malicious user to hijack an existing session. The flaw exists because the product uses non-standard characters when generating PHP session IDs, which permits directory traversal. The flaw may also allow injection of arbitrary code into the session file, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.2.1a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Zend Technologies Ltd.: Zend Platform 2.2.1

Credit

  • Stefan Esser - sesser@hardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/28233