webalizer vulnerable to buffer overflow when performing reverse DNS lookups

2002-10-28T00:00:00
ID VU:582923
Type cert
Reporter CERT
Modified 2002-10-28T00:00:00

Description

Overview

A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10.

Description

webalizer is a web server log file analysis program.

webalizer has the ability do resolve hostnames as part of the process of generating reports. A buffer overflow exists in the code that resolves the hostnames. As a result, an attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges. Note that webalizer would have to be actively performing a DNS lookup in order for this vulnerability to be exploited.


Impact

An attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges.


Solution

Apply a vendor patch. If a patch is not available, upgrade to version 2.01-10 or later.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Conectiva| | -| 28 Oct 2002
Engarde| | -| 28 Oct 2002
Sco-Linux| | -| 28 Oct 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

Credit

Thanks to Spybreak for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2002-0180
  • Date Public: 15 Apr 2002
  • Date First Published: 28 Oct 2002
  • Date Last Updated: 28 Oct 2002
  • Severity Metric: 16.67
  • Document Revision: 8