SecurityLex.Org

Your search for "17481" returned:
SecureScout Testcase: 17481
Name: PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows Vulnerabilities
CVE References: CVE-2006-5465 (cve.mitre.org, nvd.nist.gov)
SANS/FBI TOP20 Reference:
Risk: High
CVSS Base Score: 7.5 (ver. 2.0)
TC Impact: Gather Info
Service: http
Vuln Impact: Denial of Service
Attack
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Impact Bias:
Host Impact: Denial of Service. Execution of arbitrary code.
Summary: Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Fix Type: Update the software.
Copyright: Stefan Esser
Published Date: March 16, 2007
Description: Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerabilities are caused by boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application.

Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected.

The vulnerability is confirmed in 5.x versions prior to 5.2.0 and is also reported in version 4.4.6. Other versions may also be affected.
Remediation:
Solution type: Upgrade Software

Upgrade to PHP 4.4.7 or newer, or to PHP 5.2.0 or newer.
See references for more details.
References:

* BUGTRAQ: 20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/450431/100/0/threaded
* BUGTRAQ: 20061109 rPSA-2006-0205-1 php php-mysql php-pgsql
http://www.securityfocus.com/archive/1/archive/1/451098/100/0/threaded
* BUGTRAQ: 20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability
http://www.securityfocus.com/archive/1/archive/1/453024/100/0/threaded
* MISC:
http://www.hardened-php.net/advisory_132006.138.html
* CONFIRM:
http://www.php.net/releases/5_2_0.php
* CONFIRM:
http://issues.rpath.com/browse/RPL-761
* CONFIRM:
http://docs.info.apple.com/article.html?artnum=304829
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm
* APPLE: APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
* CISCO: 20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces
http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml
* CISCO: 20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces
http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html
* DEBIAN: DSA-1206
http://www.debian.org/security/2006/dsa-1206
* GENTOO: GLSA-200703-21
http://security.gentoo.org/glsa/glsa-200703-21.xml
* MANDRIVA: MDKSA-2006:196
http://www.mandriva.com/security/advisories?name=MDKSA-2006:196
* OPENPKG: OpenPKG-SA-2006.028
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html
* REDHAT: RHSA-2006:0730
http://www.redhat.com/support/errata/RHSA-2006-0730.html
* REDHAT: RHSA-2006:0736
http://rhn.redhat.com/errata/RHSA-2006-0736.html
* REDHAT: RHSA-2006:0731
http://www.redhat.com/support/errata/RHSA-2006-0731.html
* SUSE: SUSE-SA:2006:067
http://www.novell.com/linux/security/advisories/2006_67_php.html
* TRUSTIX: 2006-0061
http://www.trustix.org/errata/2006/0061/
* TURBO: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
* UBUNTU: USN-375-1
http://www.ubuntu.com/usn/usn-375-1
* CERT: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
* BID: 20879
http://www.securityfocus.com/bid/20879
* FRSIRT: ADV-2006-4317
http://www.frsirt.com/english/advisories/2006/4317
* FRSIRT: ADV-2006-4749
http://www.frsirt.com/english/advisories/2006/4749
* FRSIRT: ADV-2006-4750
http://www.frsirt.com/english/advisories/2006/4750
* FRSIRT: ADV-2007-1546
http://www.frsirt.com/english/advisories/2007/1546
* SECTRACK: 1017152
http://securitytracker.com/id?1017152
* SECTRACK: 1017296
http://securitytracker.com/id?1017296
* SECUNIA: 22653
http://secunia.com/advisories/22653
* SECUNIA: 22688
http://secunia.com/advisories/22688
* SECUNIA: 22693
http://secunia.com/advisories/22693
* SECUNIA: 22753
http://secunia.com/advisories/22753
* SECUNIA: 22713
http://secunia.com/advisories/22713
* SECUNIA: 22759
http://secunia.com/advisories/22759
* SECUNIA: 22929
http://secunia.com/advisories/22929
* SECUNIA: 23139
http://secunia.com/advisories/23139
* SECUNIA: 23155
http://secunia.com/advisories/23155
* SECUNIA: 23247
http://secunia.com/advisories/23247
* SECUNIA: 22685
http://secunia.com/advisories/22685
* SECUNIA: 22779
http://secunia.com/advisories/22779
* SECUNIA: 22881
http://secunia.com/advisories/22881
* SECUNIA: 24606
http://secunia.com/advisories/24606
* SECUNIA: 25047
http://secunia.com/advisories/25047
* XF: php-htmlentities-bo(29971)
http://xforce.iss.net/xforce/xfdb/29971

Created: 2010-05-07 01:00:00
Last Changed: 2010-05-07 01:00:00
 