|
Family: Gain a shell remotely --> Category: denial
Zend Session Clustering Daemon Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to crash Zend Session Clustering daemon
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote server is affected by a buffer overflow vulnerability.
Description :
The version of Zend's Session Clustering daemon on the remote host
contains a buffer overflow that can be exploited by a possible hacker using
a specially-crafted session id to crash the affected service and even
execute arbitrary code subject to the permissions of the user id
running it.
See also :
http://www.hardened-php.net/advisory_052006.128.html
http://www.securityfocus.com/archive/1/444263/30/0/threaded
Solution :
Upgrade to Zend Platform version 2.2.1a or later.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|