CVSS2 | 7.5 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.057 Low |
Percentile | 93.4% |
A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10.
webalizer is a web server log file analysis program.
webalizer can resolve hostnames as part of the process of generating reports. A buffer overflow exists in the code that resolves the hostnames. As a result, an attacker-controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges. Note that webalizer would have to be actively performing a DNS lookup in order for this vulnerability to be exploited.
An attacker-controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges.
Apply a vendor patch. If a patch is not available, upgrade to version 2.01-10 or later.
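The bug class described above is a resolver-supplied name written into a fixed-size buffer with the length chosen by the DNS server. The following is an added example of the defensive pattern, not webalizer's source and not code from this advisory; `host_rec`, `HOST_BUF`, `host_char_ok` and `store_hostname` are hypothetical names and the buffer size is an assumption.

```c
#include <stddef.h>
#include <string.h>

#define HOST_BUF 64   /* hypothetical size of the report's hostname field */

struct host_rec {
    char name[HOST_BUF];
    int  resolved;    /* 1 = name holds a hostname, 0 = fall back to the IP */
};

/* Characters permitted in a hostname taken from a DNS answer. */
static int host_char_ok(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.';
}

/*
 * Store a resolver-supplied name of `len` bytes into `rec`.
 * The unsafe pattern is strcpy(rec->name, answer): the number of bytes
 * written is then decided by whoever controls the DNS server. Here the
 * length is checked against the destination before any byte is written,
 * and a rejected name leaves the record marked unresolved so the caller
 * can report the IP address instead.
 * Returns 0 on success, -1 if the name was rejected.
 */
int store_hostname(struct host_rec *rec, const char *answer, size_t len)
{
    size_t i;

    rec->resolved = 0;
    rec->name[0] = '\0';

    if (answer == NULL || len == 0 || len >= sizeof rec->name)
        return -1;                  /* would not fit with its terminator */

    for (i = 0; i < len; i++)
        if (!host_char_ok((unsigned char)answer[i]))
            return -1;              /* embedded NUL or non-hostname byte */

    memcpy(rec->name, answer, len);
    rec->name[len] = '\0';
    rec->resolved = 1;
    return 0;
}
```

The character check also keeps bytes from a DNS answer out of the generated report, which covers the data-corruption impact as well as the memory-safety one.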
582923
Updated: October 28, 2002
Affected
<http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000476>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23582923 Feedback>).
Updated: October 28, 2002
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-2027.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 28, 2002
Affected
<ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-036.0.txt>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Thanks to Spybreak for reporting this vulnerability.
This document was written by Ian A Finlay.
CVE IDs: | CVE-2002-0180 |
---|---|
Severity Metric: | 16.67 |
Date Public: | |