Title: Zend Platform ini_modifier Authentication Bypass Local Privilege Escalation
Dates
Disclosure: Jan 26, 2007
Discovery: Unknown
Exploit: Mar 03, 2007
Solution: Unknown
Description
Zend Platform contains a flaw that may allow a malicious local user to gain unauthorized privileges. The user triggers the issue by using the ini_modifier utility's -f parameter to edit a copy of php.ini, the file responsible for loading the PHP extensions that run with root credentials. The user then performs a symlink attack with the directory that contains the attacker-controlled php.ini file, linking this directory to /usr/local/Zend/etc. Upon server restart, the injected malicious PHP extensions run with root credentials. This flaw may lead to a loss of integrity.
Classification
Location: Local Access Required
Attack Type: Misconfiguration, Race Condition
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
Solution
Upgrade to version 3.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):
1. Log in as root.
2. Download the ini_modifier archive for your platform from the Zend Platform website.
3. Extract the archive and copy the updated ini_modifier binary to: Platform_install_dir/sbin/ini_modifier
4. Enter: chown root Platform_install_dir/sbin/ini_modifier
5. Enter: chgrp zendtech Platform_install_dir/sbin/ini_modifier
6. Enter: chmod 2755 Platform_install_dir/sbin/ini_modifier
2. Remove the old ini_modifier binary from your system (do not back it up).
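
A check to run after the workaround steps above, as an added example rather than vendor or OSVDB code: it verifies that ini_modifier has the owner, group and mode those steps set, and that the configuration directory named in the description is not a symbolic link. The function names are hypothetical and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes GNU coreutils stat (-c).
# Expected values default to the workaround steps: root, zendtech, 2755.

# check_ini_modifier BIN [OWNER] [GROUP] [MODE]
# Returns 0 only if BIN is a regular, non-symlinked file with the expected
# owner, group and octal mode.
check_ini_modifier() {
    bin=$1
    want_owner=${2:-root}
    want_group=${3:-zendtech}
    want_mode=${4:-2755}
    rc=0

    if [ -L "$bin" ]; then
        echo "FAIL: $bin is a symbolic link"
        return 1
    fi
    if [ ! -f "$bin" ]; then
        echo "FAIL: $bin is missing or not a regular file"
        return 1
    fi

    owner=$(stat -c %U "$bin")
    group=$(stat -c %G "$bin")
    mode=$(stat -c %a "$bin")

    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group $group, want $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ] || { echo "FAIL: mode $mode, want $want_mode"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $bin is $owner:$group mode $mode"
    return "$rc"
}

# check_conf_dir DIR
# Returns 0 only if DIR is a real directory, not a symbolic link
# (the description's attack links a directory to /usr/local/Zend/etc).
check_conf_dir() {
    if [ -L "$1" ]; then
        echo "FAIL: $1 is a symbolic link to $(readlink "$1")"
        return 1
    fi
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 1; }
    echo "OK: $1 is a real directory"
}

# Usage (run as root; Platform_install_dir is the page's placeholder):
#   check_ini_modifier Platform_install_dir/sbin/ini_modifier
#   check_conf_dir /usr/local/Zend/etc
```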