Re: Webalizer - is FreeBSD port vulnerable ?

From: The Anarcat (anarcat@anarcat.dyndns.org)
Date: 04/29/02

• Next message: FreeBSD bugmaster: "Current problem reports assigned to you"
• Previous message: pr0ject: "Re: Webalizer - is FreeBSD port vulnerable ?"
• In reply to: Igor Roshchin: "Webalizer - is FreeBSD port vulnerable ?"
• Next in thread: Igor Roshchin: "Re: Webalizer - is FreeBSD port vulnerable ?"
• Reply: Igor Roshchin: "Re: Webalizer - is FreeBSD port vulnerable ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 29 Apr 2002 13:59:01 -0400
From: The Anarcat <anarcat@anarcat.dyndns.org>
To: Igor Roshchin <str@giganda.komkon.org>

IIRC, the port was fixed not long ago. Please see the security
advisory.

A.

On Mon Apr 29, 2002 at 12:18:55PM -0400, Igor Roshchin wrote:
>
> Hello!
>
> Webalizer is found to have a buffer overflow that is reportedly
> remotely exploitable.
> http://online.securityfocus.com/archive/1/267551
> http://online.securityfocus.com/bid/4504
> http://www.mrunix.net/webalizer/news.html
>
>
> The second link above contains a list of vulnerable versions / OSes.
> The only BSD-ish system mentioned is MacOS-X.
> Is any of the versions of FreeBSD port vulnerable ?
>
> Best,
>
> Igor
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Imagination is more important than knowledge
                        - Albert Einstein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• application/pgp-signature attachment: stored

---

• Next message: FreeBSD bugmaster: "Current problem reports assigned to you"
• Previous message: pr0ject: "Re: Webalizer - is FreeBSD port vulnerable ?"
• In reply to: Igor Roshchin: "Webalizer - is FreeBSD port vulnerable ?"
• Next in thread: Igor Roshchin: "Re: Webalizer - is FreeBSD port vulnerable ?"
• Reply: Igor Roshchin: "Re: Webalizer - is FreeBSD port vulnerable ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [EXPL] Oracle9iAS Web Cache Multiple DoS and Buffer Overflow ... Oracle9iAS Web Cache Multiple DoS and Buffer Overflow ... Port 1100 = Incoming web cache proxy. ... Download patch from Oracle's support website, ... (Securiteam) [Full-Disclosure] GateKeeper Pro 4.7 buffer overflow ... there is a trivial buffer overflow in the web proxy. ... version can be checked from the administration service (default port 2000). ... Any use of this information is at the user's own risk. ... (Full-Disclosure) Re: Webalizer - is FreeBSD port vulnerable ? ... I see that the cvs-tree for the webalizer port contains a record ... I couldn't find FreeBSD security advisory on this topic. ... of the overflow, but since it's in the webalizer itself, it doesn't seem to ... (FreeBSD-Security) GateKeeper Pro 4.7 buffer overflow ... there is a trivial buffer overflow in the web proxy. ... version can be checked from the administration service (default port 2000). ... Any use of this information is at the user's own risk. ... (Full-Disclosure) FreeBSD Security Notice FreeBSD-SN-02:05 ... Several ports in the FreeBSD Ports Collection are affected by security ... All versions given refer to the FreeBSD port/package version numbers. ... Port name: acroread5 ... Buffer overflow which might be triggered when mpack is used to process ... (FreeBSD-Security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-04