Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mageia Linux Local Check: mgasa-2015-0391
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Mageia Linux Local Security Checks mgasa-2015-0391
Insight
Insight
Zend Framework contained several instances where it was using incorrect permissions masks, which could lead to local privilege escalation issues (CVE-2015-5723). The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection (ZF2015-08). Note that the ZF2015-08 issue did not affect Zend Framework 2.
Solution
Solution
Update the affected packages to the latest available version.