Vulnerability Description
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zend | Zend Platform | 2.2.1a |
References
- http://secunia.com/advisories/24501
- http://www.osvdb.org/32772
- http://www.php-security.org/MOPB/BONUS-06-2007.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/22801
- http://www.vupen.com/english/advisories/2007/0829
- http://www.zend.com/products/zend_platform/security_vulnerabilities (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32825
FAQ
What is CVE-2007-1370?
CVE-2007-1370 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_m...
How severe is CVE-2007-1370?
CVE-2007-1370 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1370?
Check the references section above for vendor advisories and patch information. Affected products include: Zend Zend Platform.