Re: Remote buffer overflow in Webalizer

From: Franck Coppola (franck@hosting42.com)
Date: 04/16/02


From: "Franck Coppola" <franck@hosting42.com>
To: "Spybreak" <spybreak@host.sk>
Date: Mon, 15 Apr 2002 22:59:16 GMT


Here is a patch to fix the vulnerability (tested against webalizer-2.01-06).

     Franck

Spybreak writes:

> Release : April 15 2002
> Author : Spybreak (spybreak@host.sk)
> Software : Webalizer
> Version : 2.01-09, 2.01-06
> URL : http://www.mrunix.net/webalizer/
> Status : vendor contacted
> Problems : remote buffer overflow
>
>
>
>
> --- INTRO ---
>
> The Webalizer is a web server log file analysis program
> which produces usage statistics in HTML format for
> viewing with a browser. The results are presented in both
> columnar and graphical format, which facilitates
> interpretation.
>
> Webalizer 2.01-06 is a part of the Red Hat Linux 7.2
> distribution, enabled by default and run daily by the cron
> daemon.
>
>
> --- PROBLEM ---
>
> The webalizer has the ability to perform reverse DNS lookups.
> This ability is disabled by default, but if enabled, an
> attacker with command over his own DNS service has the
> ability to gain remote root access to a machine, due to a remote
> buffer overflow in the reverse resolving code.
>
>
> Public key:
> http://spybreak.host.sk
>
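A defensive check for the reverse-lookup path the advisory describes, added here as an example; it is not Franck's patch and not Webalizer's code. The name handed back by the resolver is length-bounded and character-filtered before it is copied into a fixed buffer, and the numeric address is used instead when it is rejected. MAXHOST, the function names and the sample names are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed buffer size for this example; not Webalizer's real limit. */
#define MAXHOST 32

/* Copy a name returned by a reverse lookup (e.g. gethostbyaddr()->h_name)
 * into a fixed-size buffer without trusting its length or content.
 * Returns 1 if the name was accepted and copied, 0 if it was rejected;
 * on rejection dst receives fallback (the numeric address) instead. */
int safe_hostname_copy(char *dst, size_t dstsz,
                       const char *h_name, const char *fallback)
{
    /* Bounded scan: a name with no NUL within dstsz cannot fit. */
    const char *end = memchr(h_name, '\0', dstsz);
    if (end == NULL)
        goto reject;
    for (const char *p = h_name; p < end; p++) {
        unsigned char c = (unsigned char)*p;
        /* Only letters, digits, '-' and '.' belong in a hostname; this
         * also keeps HTML metacharacters out of the generated report. */
        if (!isalnum(c) && c != '-' && c != '.')
            goto reject;
    }
    memcpy(dst, h_name, (size_t)(end - h_name) + 1);
    return 1;
reject:
    snprintf(dst, dstsz, "%s", fallback);   /* truncates safely if needed */
    return 0;
}

/* Wrapper mirroring the lookup path: 1 = name usable, 0 = fell back. */
int resolved_name_ok(const char *h_name)
{
    char buf[MAXHOST];
    return safe_hostname_copy(buf, sizeof buf, h_name, "0.0.0.0");
}

int main(void)
{
    char buf[MAXHOST];
    /* Constructed inputs standing in for resolver answers. */
    const char *good = "mail.example.net";
    const char *oversized = "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa";
    printf("%d %s\n", safe_hostname_copy(buf, sizeof buf, good, "10.0.0.1"), buf);
    printf("%d %s\n", safe_hostname_copy(buf, sizeof buf, oversized, "10.0.0.1"), buf);
    return 0;
}
```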