TITLE:
Cisco Products PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows

SECUNIA ADVISORY ID:
SA25047

VERIFY ADVISORY:
http://secunia.com/advisories/25047/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
From local network

OPERATING SYSTEM:
CiscoWorks Wireless LAN Solution Engine Express
http://secunia.com/product/14043/
CiscoWorks Wireless LAN Solution Engine 2.x
http://secunia.com/product/2187/
CiscoWorks Hosting Solution Engine 1.x
http://secunia.com/product/2186/
Cisco Unified Application Environment 2.x
http://secunia.com/product/14044/

SOFTWARE:
Cisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2)
http://secunia.com/product/2272/
CiscoWorks Hosting Solution Software 1.x
http://secunia.com/product/14045/

DESCRIPTION:
Cisco has acknowledged some vulnerabilities in various Cisco products, which can be exploited by malicious users to compromise a vulnerable system.

For more information:
SA22653

The vulnerability affects the following products:
* Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600 router and Branch Routers (WS-SVC-NAM-1, WS-SVC-NAM-2, and WS-X6380-NAM for the Catalyst 6000, 6500 series switches and Cisco 7600 series router. Devices running software versions 3.5(1a) and earlier are potentially affected by this vulnerability).
* CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks Wireless LAN Solution Engine Express (WLSX)
* Cisco Unified Application Environment (software version 2.3.x and earlier).
* Hosting Solution Engine/Hosting Solution Software (all versions).

SOLUTION:
Network Analysis Modules (NAM):
Update to version 3.5(1b) or version 3.6. There is no software fix for WS-X6380-NAM.

CiscoWorks Wireless LAN Solution Engine (WLSE and WLSX):
Currently no fixed version is available.

Cisco Unified Application Environment:
Update to software version 2.4 (release in May 2007).

Hosting Solution Engine/Hosting Solution Software:
Apply patch HSE-1.9u2.zip
http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol (registered customers only)

The vendor recommends granting access to the devices to trusted IP addresses or subnets only.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sr-20070425-http.shtml

OTHER REFERENCES:
SA22653:
http://secunia.com/advisories/22653/