Vulnerabilities > CVE-2007-1475 - Remote Buffer Overflow vulnerability in PHP Interbase Extension

047910
CVSS 5.4 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
php
exploit available

Summary

Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. Successful exploitation requires that the Interbase extension is installed.

Vulnerable Configurations

Part Description Count
Application
Php
243

Exploit-Db

descriptionPHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit. CVE-2007-1475. Local exploit for windows platform
fileexploits/windows/local/3488.php
idEDB-ID:3488
last seen2016-01-31
modified2007-03-15
platformwindows
port
published2007-03-15
reporterrgod
sourcehttps://www.exploit-db.com/download/3488/
titlePHP <= 4.4.6 ibase_connect Local Buffer Overflow Exploit
typelocal

Statements

contributorMark J Cox
lastmodified2007-03-26
organizationRed Hat
statementNot vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ibase support.