Vulnerability Description
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 4.4.6 |
References
- http://retrogod.altervista.org/php_446_mssql_connect_bof.htmlBroken Link
- http://secunia.com/advisories/24353Third Party Advisory
- http://securityreason.com/securityalert/2407ExploitThird Party Advisory
- http://www.securityfocus.com/archive/1/462010/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/22832ExploitThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/0867Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32885Third Party AdvisoryVDB Entry
- http://retrogod.altervista.org/php_446_mssql_connect_bof.htmlBroken Link
- http://secunia.com/advisories/24353Third Party Advisory
- http://securityreason.com/securityalert/2407ExploitThird Party Advisory
- http://www.securityfocus.com/archive/1/462010/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/22832ExploitThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/0867Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32885Third Party AdvisoryVDB Entry
FAQ
What is CVE-2007-1411?
CVE-2007-1411 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect a...
How severe is CVE-2007-1411?
CVE-2007-1411 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1411?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.