Lucene search

[email protected]CVE-2007-1369

HistoryMar 09, 2007 - 10:19 p.m.

CVE-2007-1369

2007-03-0922:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1369

zend platform

ini_modifier

sgid-zendtech

symlink attack

nvd

security vulnerability

6.5 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.

CPENameOperatorVersion
zend:zend_platformzend zend platformle2.2.3

CPE	Name	Operator	Version
zend:zend_platform	zend zend platform	le	2.2.3

References

osvdb.org/33930

secunia.com/advisories/24501

www.osvdb.org/32773

www.php-security.org/MOPB/BONUS-07-2007.html

www.securityfocus.com/bid/22802

www.vupen.com/english/advisories/2007/0829

www.zend.com/products/zend_platform/security_vulnerabilities

exchange.xforce.ibmcloud.com/vulnerabilities/32820

6.5 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2007-1369

prion1 securityvulns1