Vulnerabilities > CVE-2007-1401 - Local Security vulnerability in PHP 4.4.6
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
Exploit-Db
| description | PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC. CVE-2007-1401. Local exploit for windows platform |
| file | exploits/windows/local/3431.php |
| id | EDB-ID:3431 |
| last seen | 2016-01-31 |
| modified | 2007-03-08 |
| platform | windows |
| port | |
| published | 2007-03-08 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/3431/ |
| title | PHP 4.4.6 crack_opendict Local Buffer Overflow Exploit PoC |
| type | local |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-19 |
| organization | Red Hat |
| statement | Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include Cracklib support. |