Vulnerabilities > CVE-2007-1475 - Remote Buffer Overflow vulnerability in PHP Interbase Extension
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL php
exploit available
Summary
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. Successful exploitation requires that the Interbase extension is installed.
Vulnerable Configurations
Exploit-Db
description | PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit. CVE-2007-1475. Local exploit for windows platform |
file | exploits/windows/local/3488.php |
id | EDB-ID:3488 |
last seen | 2016-01-31 |
modified | 2007-03-15 |
platform | windows |
port | |
published | 2007-03-15 |
reporter | rgod |
source | https://www.exploit-db.com/download/3488/ |
title | PHP <= 4.4.6 ibase_connect Local Buffer Overflow Exploit |
type | local |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-26 |
organization | Red Hat |
statement | Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ibase support. |
References
- http://retrogod.altervista.org/php_446_ibase_connect_bof.html
- http://secunia.com/advisories/24529
- http://securityreason.com/securityalert/2439
- http://www.securityfocus.com/archive/1/462931/100/0/threaded
- http://www.securityfocus.com/bid/22976
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33019
- https://www.exploit-db.com/exploits/3488