From: "Franck Coppola" <franck@hosting42.com>
To: "Spybreak" <spybreak@host.sk>
Subject: Re: Remote buffer overflow in Webalizer
Date: Mon, 15 Apr 2002 22:59:16 GMT
Cc: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org, brad@mrunix.net
Here is a patch to fix the vulnerability (tested against webalizer-2.01-06).
Franck
Spybreak writes:
> Release : April 15 2002
> Author : Spybreak (spybreak@host.sk)
> Software : Webalizer
> Version : 2.01-09, 2.01-06
> URL : http://www.mrunix.net/webalizer/
> Status : vendor contacted
> Problems : remote buffer overflow
>
> --- INTRO ---
>
> The Webalizer is a web server log file analysis program
> which produces usage statistics in HTML format for
> viewing with a browser. The results are presented in both
> columnar and graphical format, which facilitates
> interpretation.
>
> Webalizer 2.01-06 is a part of the Red Hat Linux 7.2
> distribution, enabled by default and run daily by the cron
> daemon.
>
>
> --- PROBLEM ---
>
> The webalizer has the ability to perform reverse DNS lookups.
> This ability is disabled by default, but if enabled, an
> attacker with command over his own DNS service has the
> ability to gain remote root access to a machine, due to a remote
> buffer overflow in the reverse resolving code.
>
>
> Public key:
> http://spybreak.host.sk
>
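The advisory shows neither the affected code nor Franck's patch, so the following is an added illustration (not Webalizer's code and not the patch) of the defensive pattern a log analyser needs around reverse lookups: treat the PTR answer as attacker-controlled input, check it against RFC 1035 length limits and a hostname character set, copy it with a bounded copy, and fall back to the IP text otherwise. The buffer size and the sample answers are constructed, not taken from Webalizer.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOST  255   /* RFC 1035 total name length limit */
#define MAX_LABEL 63    /* RFC 1035 label length limit */
#define NAME_BUF  128   /* constructed report buffer size; not Webalizer's real size */

/* 1 if name is a syntactically plausible hostname: within RFC length limits,
 * labels of [A-Za-z0-9-] separated by single dots (trailing dot allowed); else 0. */
int valid_hostname(const char *name) {
    size_t len = strlen(name), label = 0;
    if (len == 0 || len > MAX_HOST) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') { if (label == 0) return 0; label = 0; continue; }
        if (!isalnum(c) && c != '-') return 0;
        if (++label > MAX_LABEL) return 0;
    }
    return 1;
}

static char namebuf[NAME_BUF];

/* Picks what the report stores for a client: the PTR answer if it is valid and
 * fits, otherwise the raw IP text. The copy is bounded either way.
 * Returns 0 when the hostname was used, 1 when it fell back to the IP. */
int resolve_for_report(const char *ip, const char *ptr) {
    int use_ptr = ptr != NULL && valid_hostname(ptr) && strlen(ptr) < sizeof namebuf;
    snprintf(namebuf, sizeof namebuf, "%s", use_ptr ? ptr : ip);
    return use_ptr ? 0 : 1;
}

const char *reported_name(void) { return namebuf; }

/* Constructed hostile PTR answer: 300 'a's, longer than any legal name. */
const char *constructed_long_ptr(void) {
    static char big[301];
    memset(big, 'a', 300);
    big[300] = '\0';
    return big;
}

int main(void) {
    int fb;
    fb = resolve_for_report("10.0.0.1", "host1.example.net");      /* normal answer */
    printf("10.0.0.1 -> %s%s\n", reported_name(), fb ? " (fallback)" : "");
    fb = resolve_for_report("10.0.0.2", constructed_long_ptr());   /* oversized answer */
    printf("10.0.0.2 -> %s%s\n", reported_name(), fb ? " (fallback)" : "");
    fb = resolve_for_report("10.0.0.3", "x<script>.example.net"); /* metacharacters */
    printf("10.0.0.3 -> %s%s\n", reported_name(), fb ? " (fallback)" : "");
    return 0;
}
```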