Vulnerabilities > CVE-2007-1370 - Unspecified vulnerability in Zend Platform 2.2.1A
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://secunia.com/advisories/24501
- http://www.osvdb.org/32772
- http://www.php-security.org/MOPB/BONUS-06-2007.html
- http://www.securityfocus.com/bid/22801
- http://www.vupen.com/english/advisories/2007/0829
- http://www.zend.com/products/zend_platform/security_vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32825