A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10.
webalizer is a web server log file analysis program.
webalizer can resolve hostnames as part of the process of generating reports. A buffer overflow exists in the code that resolves the hostnames. As a result, an attacker-controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges. Note that webalizer must be actively performing a DNS lookup for this vulnerability to be exploited.
An attacker-controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges.
Apply a vendor patch. If a patch is not available, upgrade to version 2.01-10 or later.
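The following is an added example, not webalizer's code or its patch: a C routine that stores a resolver-supplied hostname in a fixed-size buffer only when it fits, and rejects oversized or malformed names instead of copying them. The 64-byte field size, the function names and the sample names are assumptions made for illustration; the advisory does not show the affected code.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF_LEN 64    /* hypothetical fixed-size hostname field */
#define DNS_NAME_MAX 253   /* longest textual DNS name */

enum name_status { NAME_OK = 0, NAME_TOO_LONG = -1, NAME_INVALID = -2 };

/* Letters, digits, '-', '_' and '.' only; every label is 1..63 bytes. */
static int name_is_wellformed(const char *name, size_t len)
{
    size_t label = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0) return 0;            /* empty label */
            label = 0;
        } else if (isalnum(c) || c == '-' || c == '_') {
            if (++label > 63) return 0;          /* oversized label */
        } else {
            return 0;                            /* unexpected byte */
        }
    }
    return len > 0;
}

/* Copy name into dst only if it fits with its terminator; never truncate. */
enum name_status store_resolved_name(char *dst, size_t dstlen, const char *name)
{
    if (dst == NULL || dstlen == 0) return NAME_INVALID;
    dst[0] = '\0';                               /* dst stays empty on failure */
    if (name == NULL) return NAME_INVALID;
    const char *end = memchr(name, '\0', DNS_NAME_MAX + 1);
    if (end == NULL) return NAME_TOO_LONG;       /* longer than any legal name */
    size_t len = (size_t)(end - name);
    if (len + 1 > dstlen) return NAME_TOO_LONG;  /* would overrun dst */
    if (!name_is_wellformed(name, len)) return NAME_INVALID;
    memcpy(dst, name, len + 1);
    return NAME_OK;
}

int main(void)
{
    char host[HOST_BUF_LEN];
    /* Constructed sample names, not taken from the advisory. */
    printf("%d\n", store_resolved_name(host, sizeof host, "www.example.com"));
    printf("%d\n", store_resolved_name(host, sizeof host, "host name"));
    return 0;
}
```

A caller that gets anything other than NAME_OK can fall back to reporting the numeric address, so an oversized or malformed answer never reaches the report data.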
Vendor| Status| Date Notified| Date Updated
Conectiva| | -| 28 Oct 2002
Engarde| | -| 28 Oct 2002
Sco-Linux| | -| 28 Oct 2002
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Spybreak for reporting this vulnerability.
This document was written by Ian A Finlay.