Zend platform ini_modifier file privilege escalation

zend-inimodifier-privilege-escalation (32820) The risk level is classified as HighHigh Risk

Description:

The Zend platform could allow a local attacker to gain elevated privileges on the system, caused by insecure permissions set on the ini_modifier file. A local attacker could exploit this vulnerability to edit the php.ini file and execute arbitrary code on the system with root or SYSTEM privileges.

Platforms Affected:

  • Zend Technologies, Zend Platform prior to 3.0

Remedy:

Upgrade to the latest version of the Zend platform (3.0 or later), available from the Zend Web site. See References.

Consequences:

Gain Privileges

References:

  • MOPB BONUS-07-2007, Zend Platform ini_modifier Local Root Vulnerability at http://www.php-security.org/MOPB/BONUS-07-2007.html.
  • Zend Web site, Zend Addresses Latest Security Vulnerabilities at http://www.zend.com/products/zend_platform/security_vulnerabilities.
  • BID-22802: Zend Platform PHP.INI File Modification Vulnerability
  • CVE-2007-1369: ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
  • OSVDB ID: 32773: Zend Platform ini_modifier Authentication Bypass Local Privilege Escalation
  • SA24501: Zend Platform "ini_modifier" Password Bypass and Insecure Permissions
  • VUPEN/ADV-2007-0829: Zend Platform scd.sh and ini_modifier Security Bypass and Privilege Escalation Issues

Reported:

Mar 03, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page