Info

Disclosure

Jan 26, 2007

Discovery

Unknown

Dates

Exploit

Mar 03, 2007

Solution

Unknown

Description

Zend Platform contains a flaw that may allow for local privilege escalation. The flaw is due to insecure default permissions set on multiple scripts and executables that are run when the application is started. The issue is triggered when a user directly edits one of the vulnerable files, for example, /usr/local/Zend/bin/scd.sh, the startup script for the Zend session management daemon, and inserts commands into the script. These commands will be executed with root permissions upon server restart resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Local Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Run the following commands (note that 'Platform_install_dir' is by default: /usr/local/Zend): chown -R root Platform_install_dir/bin chmod -R 755 Platform_install_dir/bin chown -R root Platform_install_dir/sbin chmod -R 755 Platform_install_dir/sbin chmod 2755 Platform_install_dir/sbin/ini_modifier chown -R root Platform_install_dir/lib chmod -R 755 Platform_install_dir/lib

Products

Zend Technologies Ltd.

Zend Platform

2.x

References

CVE ID: 2007-1370 (see also: NVD)
Bugtraq ID: 22801
ISS X-Force ID: 32825
VUPEN Advisory: ADV-2007-0829
Other Advisory URL: http://www.php-security.org/MOPB/BONUS-06-2007.html
Vendor Specific Advisory URL: http://www.zend.com/products/zend_platform/security_vulnerabilities

Credit

Stefan Esser - sesserhardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/32772