
Hardened-PHP.net:
Zend Platform Multiple Remote Vulnerabilities
August 24, 2006 @ 07:58:24

According to this new advisory on the Hardened-PHP project's site, there are some issues with the Zend Platform product that could cause a number of security issues because of malformed session IDs.

During the development of suhosin, which is our new PHP protection module, several compatibility tests with binary 3rd party PHP extensions like the Zend Platform and the Zend Optimizer have been made. When testing the session protection features of suhosin, we discovered that the session clustering system, which is shipping with the Zend Platform, is vulnerable to several different attacks.

They mention a few things a potential attacker could use this issue for, including crashing the session daemon, remote code execution, and being able to view and write files of their choice (like session files) to execute malicious code.

The details are listed out, but a "proof of concept" isn't published for this exploit. Thankfully, Zend has already provided a patch for the issue which can be downloaded at Zend's website (an upgrade to version 2.2.1a).


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework