|
|
CVE Reference: CVE-2007-1369 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1369 |
|
|
Description: ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/32820 SAID Secunia Advisory: SA24501 OSVDB 33930 32773 MISC http://www.php-security.org/MOPB/BONUS-07-2007.html CONFIRM http://www.zend.com/products/zend_platform/security_vulnerabilities BID 22802 |
|
| Return to the previous page. |
