CVE Vulnerabilities

CVE-2007-1370

Published: Mar 09, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.2 MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.

Affected Software

Name Vendor Start Version End Version
Zend_platform Zend 2.2.1a (including) 2.2.1a (including)
Zend_platform Zend 2.2.1a-a (including) 2.2.1a-a (including)

References