Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Zend_platform | Zend | 2.2.1a (including) | 2.2.1a (including) |
Zend_platform | Zend | 2.2.1a-a (including) | 2.2.1a-a (including) |