Vulnerabilities > CVE-2007-1370 - Unspecified vulnerability in Zend Platform 2.2.1A
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://www.php-security.org/MOPB/BONUS-06-2007.html
- http://www.zend.com/products/zend_platform/security_vulnerabilities
- http://www.securityfocus.com/bid/22801
- http://www.osvdb.org/32772
- http://secunia.com/advisories/24501
- http://www.vupen.com/english/advisories/2007/0829
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32825