Zend Optimizer File Permissions Local Privilege Escalation Vulnerability

Bugtraq ID:	52866
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Apr 03 2012 12:00AM
Updated:	Apr 03 2012 12:00AM
Credit:	Gjoko Krstic
Vulnerable:	Zend Zend Optimizer 3.3.3 Zend Zend Optimizer 3.3
Not Vulnerable:

Zend Optimizer File Permissions Local Privilege Escalation Vulnerability

Zend Optimizer is prone to a local privilege-escalation vulnerability that occurs because of insecure file permissions.

A local attacker can exploit this issue to execute arbitrary code with the privileges of the affected application.

Zend Optimizer File Permissions Local Privilege Escalation Vulnerability

An attacker requires local interactive access to exploit this issue.

Zend Optimizer File Permissions Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for more information.

Zend Optimizer File Permissions Local Privilege Escalation Vulnerability

References:

• Zend Optimizer Homepage (zend)
  
• Zend Optimizer 3.3.3 (Windows) Insecure Permissions (Gjoko Krstic)
  
• Zend Optimizer Release-Note (Zend Optimizer)