Bugtraq mailing list archives
Remote buffer overflow in Webalizer
From: "Spybreak" <spybreak () host sk>
Date: Mon, 15 Apr 2002 13:15:47 +0200
Release : April 15 2002 Author : Spybreak (spybreak () host sk) Software : Webalizer Version : 2.01-09, 2.01-06 URL : http://www.mrunix.net/webalizer/ Status : vendor contacted Problems : remote buffer overflow --- INTRO --- The Webalizer is a web server log file analysis program which produces usage statistics in HTML format for viewing with a browser. The results are presented in both columnar and graphical format, which facilitates interpretation. Webalizer 2.01-06 is a part of the Red Hat Linux 7.2 distribution, enabled by default and run daily by the cron daemon. --- PROBLEM --- The webalizer has the ability to perform reverse DNS lookups. This ability is disabled by default, but if enabled, an attacker with command over his own DNS service, has the ability to gain remote root acces to a machine, due to a remote buffer overflow in the reverse resolving code. Public key: http://spybreak.host.sk
Current thread:
- Remote buffer overflow in Webalizer Spybreak (Apr 15)
- Re: Remote buffer overflow in Webalizer Franck Coppola (Apr 16)
- Re: Remote buffer overflow in Webalizer Bradford L. Barrett (Apr 17)
- Re: Remote buffer overflow in Webalizer Lars Hecking (Apr 18)
- Re: Remote buffer overflow in Webalizer Franck Coppola (Apr 16)