Local File Modification Vulnerability in Zend Platform by Zend Technologies
CVE-2007-1369

Currently unrated

Key Information:

Vendor: Zend
Status: Zend Platform
Vendor: CVE Published:; 9 March 2007

What is CVE-2007-1369?

The ini_modifier (sgid-zendtech) in Zend Platform versions up to 2.2.3 permits local users to exploit the system's php.ini file. Attackers can alter a copy of php.ini through the -f parameter, followed by executing a symlink attack. This involves linking a directory containing the manipulated php.ini file to /usr/local/Zend/etc, potentially compromising server configurations and security settings.

References

http://osvdb.org/33930

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2007/0829

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/22802

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2007
Vulnerability Reserved
Mar 9, 2007