From: "Franck Coppola" <franck@hosting42.com> To: "Spybreak" <spybreak@host.sk> Subject: Re: Remote buffer overflow in Webalizer Date: Mon, 15 Apr 2002 22:59:16 GMT Cc: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org, brad@mrunix.net Here is a patch to fix the vulnerability (tested against webalizer-2.01-06). Franck Spybreak writes: > Release : April 15 2002 > Author : Spybreak (spybreak@host.sk) > Software : Webalizer > Version : 2.01-09, 2.01-06 > URL : http://www.mrunix.net/webalizer/ > Status : vendor contacted > Problems : remote buffer overflow > > > > > --- INTRO --- > > The Webalizer is a web server log file analysis program > which produces usage statistics in HTML format for > viewing with a browser. The results are presented in both > columnar and graphical format, which facilitates > interpretation. > > Webalizer 2.01-06 is a part of the Red Hat Linux 7.2 > distribution, enabled by default and run daily by the cron > daemon. > > > --- PROBLEM --- > > The webalizer has the ability to perform reverse DNS lookups. > This ability is disabled by default, but if enabled, an > attacker with command over his own DNS service, has the > ability to gain remote root acces to a machine, due to a remote > buffer overflow in the reverse resolving code. > > > Public key: > http://spybreak.host.sk >