CVE-2007-1369

inimodifier sgid-zendtech in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this...

CVE-2007-1369

inimodifier sgid-zendtech in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this...

CVE-2007-1369

CVE-2007-1369 affects Zend Platform 2.2.3 and earlier. The vulnerability is caused by ini_modifier (sgid-zendtech) that lets local users modify the system php.ini by editing a copy via -f and then performing a symlink attack, linking the attacker-controlled php.ini directory to /usr/local/Zend/et...

Zend Platform ini_modifier工具非授权操作漏洞

Zend Platform是企业级PHP应用的运行时平台环境。 Zend Platform软件包的inimodifier工具在使用上存在漏洞，本地攻击者可能利用此漏洞提升权限。 在安装Zend Platform过程中安装了一个名为inimodifier的suid组二进制程序。 $ ls -la /usr/local/Zend/sbin/inimodifier -rwxr-sr-x 1 root zendtech 243240 2006-08-14 16:24 inimodifier...

BONUS-07-2007:Zend Platform ini_modifier Local Root Vulnerability

Summary Zend Platform comes with an inimodifier that is used by the GUI to alter the php.ini file. By abusing a vulnerability within the inimodifier it is possible for a local attacker to edit the php.ini file without knowing the necessary GUI password. This can be used to obtain root privileges ...