Vulnerabilities > CVE-2007-1401 - Unspecified vulnerability in PHP 4.4.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN php
exploit available
Summary
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
Exploit-Db
| description | PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC. CVE-2007-1401. Local exploit for windows platform |
| file | exploits/windows/local/3431.php |
| id | EDB-ID:3431 |
| last seen | 2016-01-31 |
| modified | 2007-03-08 |
| platform | windows |
| port | |
| published | 2007-03-08 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/3431/ |
| title | PHP 4.4.6 crack_opendict Local Buffer Overflow Exploit PoC |
| type | local |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-19 |
| organization | Red Hat |
| statement | Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include Cracklib support. |
References
- http://retrogod.altervista.org/php_446_crack_opendict_local_bof.html
- http://retrogod.altervista.org/php_446_crack_opendict_local_bof.html
- http://securityreason.com/securityalert/2405
- http://securityreason.com/securityalert/2405
- http://www.securityfocus.com/archive/1/462226/100/0/threaded
- http://www.securityfocus.com/archive/1/462226/100/0/threaded
- https://www.exploit-db.com/exploits/3431
- https://www.exploit-db.com/exploits/3431