---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: Zend Platform "ini_modifier" Password Bypass and Insecure Permissions SECUNIA ADVISORY ID: SA24501 VERIFY ADVISORY: http://secunia.com/advisories/24501/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Zend Platform 2.x http://secunia.com/product/11679/ DESCRIPTION: Stefan Esser has reported a vulnerability and a security issue in Zend Platform, which can be exploited by malicious, local users to gain escalated privileges. 1) An error in the "ini_modifier" utility when opening and updating the "php.ini" file can be exploited to bypass the password protection and allow loading of malicious PHP extensions that run with escalated privileges at the next server restart. 2) The problem is that various files have insecure file permissions and are incorrectly owned by the web server or incorrectly owned by the user who installed Zend Platform. This can be exploited to gain escalated privileges at the next server restart by replacing or editing the affected files. The vulnerability and security issue are reported in version 2.2.3. Other versions may also be affected. SOLUTION: 1) Change the file permissions and install a new "ini_modifier" (see vendor advisory for details). 2) Upgrade to version 3.0 or later. PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: MOPB: http://www.php-security.org/MOPB/BONUS-06-2007.html http://www.php-security.org/MOPB/BONUS-07-2007.html Zend: http://www.zend.com/products/zend_platform/security_vulnerabilities ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------