Re: Webalizer - is FreeBSD port vulnerable ?
From: pr0ject (el_kab0ng@texas-shooters.com)
Date: 04/29/02
- Next message: The Anarcat: "Re: Webalizer - is FreeBSD port vulnerable ?"
- Previous message: Trevor Johnson: "Re: [SECURITY] [DSA-113-1] New ncurses packages available (fwd)"
- In reply to: Igor Roshchin: "Webalizer - is FreeBSD port vulnerable ?"
- Next in thread: The Anarcat: "Re: Webalizer - is FreeBSD port vulnerable ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Apr 2002 11:55:18 -0500 From: pr0ject <el_kab0ng@texas-shooters.com> To: freebsd-security@freebsd.org
it's only exploitable if you let the world see your stats.
IMHO, info like this should always be htaccessed.
Today str@giganda.komkon.org spoke in tongue:
**
** Hello!
**
** Webalizer is found to have a buffer overflow that is reportedly
** remotely exploitable.
** http://online.securityfocus.com/archive/1/267551
** http://online.securityfocus.com/bid/4504
** http://www.mrunix.net/webalizer/news.html
**
**
** The second link above contains a list of vulnerable versions / OSes.
** The only BSD-ish system mentioned is MacOS-X.
** Is any of the versions of FreeBSD port vulnerable ?
**
** Best,
**
** Igor
**
**
**
** To Unsubscribe: send mail to majordomo@FreeBSD.org
** with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: The Anarcat: "Re: Webalizer - is FreeBSD port vulnerable ?"
- Previous message: Trevor Johnson: "Re: [SECURITY] [DSA-113-1] New ncurses packages available (fwd)"
- In reply to: Igor Roshchin: "Webalizer - is FreeBSD port vulnerable ?"
- Next in thread: The Anarcat: "Re: Webalizer - is FreeBSD port vulnerable ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
