SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Webalizer Vendors:   Barrett, Bradford L.
Webalizer Buffer Overflow Allows Remote Users to Execute Arbitrary Code on the Server via Reverse DNS Lookups
SecurityTracker Alert ID:  1004037
SecurityTracker URL:  http://securitytracker.com/id/1004037
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 15 2002
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 2.01-09, 2.01-06
Description:   A buffer overflow vulnerability was reported in Webalizer, a log file analysis tool. A remote user can cause arbitrary code to be executed on the server.

If Webalizer is configured to perform reverse DNS lookups (which is apparently not the default configuration), a remote user with control over a DNS service can cause arbitrary code to be executed by Webalizer. No further details were provided.

The vendor has reportedly been notified.

Impact:   A remote user with control over a DNS server can cause Webalizer to execute arbitrary code on the Webalizer host when performing a reverse DNS lookup.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mrunix.net/webalizer/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  BeOS, Linux (Any), OpenVMS, UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Fix But Disputes Impact) Re: Webalizer Buffer Overflow Allows Remote Users to Execute Arbitrary Code on the Server via Reverse DNS Lookups
This is a follow-up message.
(Engarde Issues Fix) Webalizer Buffer Overflow Allows Remote Users to Execute Arbitrary Code on the Server via Reverse DNS Lookups
The vendor has released a fix for EnGarde Secure Linux.
(Conectiva Issues Fix) Webalizer Buffer Overflow Allows Remote Users to Execute Arbitrary Code on the Server via Reverse DNS Lookups
The vendor has released a fix.
(Caldera Issues Fix) Webalizer Buffer Overflow Allows Remote Users to Execute Arbitrary Code on the Server via Reverse DNS Lookups
Caldera has released a fix.



 Source Message Contents

Subject:  [VulnWatch] Remote buffer overflow in Webalizer


Release  : April 15 2002
Author   : Spybreak (spybreak@host.sk)
Software : Webalizer
Version  : 2.01-09, 2.01-06
URL      : http://www.mrunix.net/webalizer/
Status   : vendor contacted
Problems : remote buffer overflow




--- INTRO ---

The Webalizer is a web server log file analysis program
which produces usage statistics in HTML format for
viewing with a browser.  The results are presented in both
columnar and  graphical format, which facilitates
interpretation.

Webalizer 2.01-06 is a part of the Red Hat Linux 7.2
distribution, enabled by default and run daily by the cron
daemon.


--- PROBLEM ---

The webalizer has the ability to perform reverse DNS lookups.
This ability is disabled by default, but if enabled, an
attacker with command over his own DNS service, has the
ability to gain remote root acces to a machine, due to a remote
buffer overflow in the reverse resolving code.


Public key:
http://spybreak.host.sk



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC