Zend Platform 2 Session Clustering Security Hotfix ================================================== This package contains a Security Hotfix for the Session Clustering feature. Hotfix Overview --------------- A security risk has recently been detected in Zend Platform's Session Clustering feature. The security risk relates to the June 2006 release of Zend Platform version 2.2.1. The Hotfix contained in this package resolves these vulnerabilities. Hotfix Compatibility -------------------- The Hotfix is relevant for Zend Platform versions 2.1, 2.2.x, running on the following operating systems: Linux x86 Linux x86-64 Solaris Sparc 8, 9, 10 Solaris x86 9, 10 FreeBSD x86 5.4, 6.x Mac OS X Power 10.4 It is only relevant for Zend Platform installations that use the Session Clustering feature. Therefore, Windows OS users do not require this Hotfix. Detect if Session Clustering feature is enabled ----------------------------------------------- To determine whether session clustering feature is enabled on your environment, refer the "session.save_handler" directive located at the "session" section on the phpinfo page under the Studio Server tab. If its value is "files", the Session Clustering feature is turned off, otherwise if its value is "cluster", it is turned on. Installation ------------ 1) Stop the Web Server. 2) Stop the Session Clustering Daemon by running from shell: /bin/scd.sh stop. 3) Change dir to Zend Platform installation directory. 4) Un-tar the Hotfix into this directory. 5) Start the Session Clustering Daemon by running from shell: /bin/scd.sh start 6) Start the Web Server. Patch Installation Verification ------------------------------- To verify that the patch was applied successfully, refer to the supplied "md5" file located at the package root. Hotfix Information ------------------ The Hotfix resolves the following security vulnerabilities and is recommended for all Session Clustering users: 1) Empty Session ID causes vulnerability. 2) Buffer overflow inside ZendSessionManager when using very long session keys. 3) Buffer overflow inside mod_cluster when using very long session keys. 4) Bug in ZendSessionManager which allows the attacker to write session files where not permitted. 5) Bug in ZendSessionManager which allows the attacker to read session data from a non permitted location. 6) Bug in ZendSessionManager which allows the attacker to store PHP code in the session data (only in PHP < 4.4.3 and < 5.1.4). Support ------- Additional support information is available at http://www.zend.com/support/ -------------------------------------------------- Thank you for choosing Zend Platform! Zend Technologies Ltd. http://www.zend.com/