GoogleOSV:DSA-3369-1zendframework - security update
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%
Multiple vulnerabilities were discovered in Zend Framework, a PHP
framework:
- CVE-2015-5723
It was discovered that due to incorrect permissions masks when
creating directories, local attackers could potentially execute
arbitrary code or escalate privileges. - ZF2015-08 (no CVE assigned)
Chris Kings-Lynne discovered an SQL injection vector caused by
missing null byte filtering in the MS SQL PDO backend, and a similar
issue was also found in the SQLite backend.
For the oldstable distribution (wheezy), this problem has been fixed
in version 1.11.13-1.1+deb7u4.
For the stable distribution (jessie), this problem has been fixed in
version 1.12.9+dfsg-2+deb8u4.
For the testing distribution (stretch), this problem has been fixed
in version 1.12.16+dfsg-1.
For the unstable distribution (sid), this problem has been fixed in
version 1.12.16+dfsg-1.
We recommend that you upgrade your zendframework packages.
References
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%