222270 Resource 202612 202768 202768 1230673961301 1230762449350 Controlled Cenzic updates PHP Vulnerability for Buffer Overflow Weakness Cenzic provides enhanced support for the PHP ‘mbstring’ Extension Buffer Overflow Vulnerability in its Web Server SmartAttack <p>On December 26, 2008, Cenzic added enhanced support to their Web Server SmartAttack which includes updates to the PHP &lsquo;mbstring&rsquo; Extension Buffer Overflow Vulnerability (<strong>BugtraqID 32948</strong>).&nbsp; </p><p>PHP is prone to a buffer overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.&nbsp; Hackers can exploit this vulnerability by executing arbitrary machine code in the context of the affected Web server.&nbsp; Even failed attempts will likely crash the Web server, denying service to legitimate users.&nbsp; </p><p>The following PHP versions are affected:<br /><br />PHP/5.1.1 to PHP/5.1.6<br />PHP/5.0.0 to PHP/5.0.5<br />PHP/4.4.1 to PHP/4.4.9<br />PHP/4.3.1 to PHP/4.3.9</p><p>Detail information can be looked at<br /><a href="http://www.securityfocus.com/bid/32948/"><strong><u>http://www.securityfocus.com/bid/32948/</u></strong></a></p><p>To learn more details on how you can automatically update your Cenzic Hailstorm product, visit our <a title="Cenzic Library Updates for its SmartAttacks" href="http://www.cenzic.com/cia_research/lib-updates.php" target="_blank"><strong><u>Website</u></strong></a>.<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br /><strong>Background on Cenzic&rsquo;s SmartAttacks</strong><br />Every week, Cenzic&rsquo;s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer&rsquo;s Websites to detect their security posture.&nbsp;&nbsp; These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.</p><p>by<br /><strong>Erin Swanson<br /></strong><a href="mailto:ESwanson@cenzic.com"><strong><u>ESwanson@cenzic.com</u></strong></a></p> 9 application/xml false buffer overflow cenzic December 26, 2008 SmartAttack Library Updates Learn more about our weekly SmartAttack Updates for this date http://www.cenzic.com/cia_research/lib-updates.php Cenzic SmartAttack Library Updates Weekly updates made to Cenzic?s product suite http://www.cenzic.com/cia_research/lib-updates.php Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 127.0.0.1 127.0.0.1 eswanson 64.60.123.45 false true false false true 204329 false false true false false false true 202612 blog blogsite/Cenzic/web