Zend platform usr/local/Zend/bin/scd.sh privilege escalation

zend-scd-privilege-escalation (32825) The risk level is classified as HighHigh Risk

Description:

The Zend platform could allow a local attacker to gain elevated privileges on the system, caused by insecure permissions set on the usr/local/Zend/bin/scd.sh script and multiple unspecified scripts. A local attacker could exploit this vulnerability to execute arbitrary code on the system with root or SYSTEM privileges.

Platforms Affected:

  • Zend Technologies, Zend Platform prior to 3.0

Remedy:

Upgrade to the latest version of the Zend platform (3.0 or later), available from the Zend Web site. See References.

Consequences:

Gain Privileges

References:

  • MOPB BONUS-06-2007, Zend Platform Insecure File Permission Local Root Vulnerability at http://www.php-security.org/MOPB/BONUS-06-2007.html.
  • Zend Web site, Zend Addresses Latest Security Vulnerabilities at http://www.zend.com/products/zend_platform/security_vulnerabilities.
  • BID-22801: Zend Platform Insecure File Permission Vulnerability
  • CVE-2007-1370: Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
  • OSVDB ID: 32772: Zend Platform Insecure File Permission Local Privilege Escalation Vulnerability
  • SA24501: Zend Platform "ini_modifier" Password Bypass and Insecure Permissions
  • VUPEN/ADV-2007-0829: Zend Platform scd.sh and ini_modifier Security Bypass and Privilege Escalation Issues

Reported:

Mar 03, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page