PHPDeveloper.org: Secunia: Cisco Products PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

News Archive

Andre Liem's Blog: 5 tips and tools to optimize your php application - Part 1 simple

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Robert Basic's Blog: MyUrl view helper for Zend Framework

Laknath Semage's Blog: PHP + Large files

NETTUTS.com: Mimicking Apple's Address Book for the Web

Martynas Jusevicius' Blog: Method overloading in PHP 5

DevShed: Authentication Scripts for a User Management Application

Community News: PHP Advent 2008

Ibuildings Blog: Zend_Paginator: First Impressions

Community News: Latest PECL Releases for 12.02.2008

Secunia:
Cisco Products PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows

by Chris Cornutt April 26, 2007 @ 07:55:00

Cicso product users should check out this latest issue Secunia has released today - a problem with the htmlentities and htmlspecialchars functions that can lead to buffer overflows.

The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application.

Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected.

Products affected include the Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600 router/Branch Routers and the CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks Wireless LAN Solution (among others, check out the advisory for a more complete list).

There are some patches that have been released to correct this issue (like the one for the Cisco Unified Application Environment) but others are still yet to come. They recommend limiting access to only trusted IPs and devices only to reduce the risk of the problem being exploited.

2 comments voice your opinion now!
cisco buffer overflow htmlspecialchars htmlentities advisory cisco buffer overflow htmlspecialchars htmlentities advisory

charge a credit card

by agustina - 10.01.2007 @ 21:11:02

http://lenoxassociates.com/phpbb2/viewtopic.php?p=6415

is this spam? let us know!

accept a credit card

by alexis - 09.29.2007 @ 23:11:10

http://darkspace.3dactionplanet.gamespy.com/forums/index.php?act=ST&f=3&t=26444

is this spam? let us know!

Similar Posts

Secunia: Cisco Products PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows

Hardened-PHP Project: PHP HTML Entity Encoder Heap Overflow Vulnerability

Zend: Zend Technologies and COMMON Create PHP Advisory Group

Hardened-PHP Project: WordPress Vulnerability Advisories (XSS & Trackbacks)

PHP Security Blog: Chunk_split() Overflow not fixed at all...

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework