ID : SECURITYVULNS:DOC:2770
Type : securityvulns
Reporter : Securityvulns
Modified : 2002-04-15T00:00:00
Description
Release : April 15 2002
Author : Spybreak (spybreak@host.sk)
Software : Webalizer
Version : 2.01-09, 2.01-06
URL : http://www.mrunix.net/webalizer/
Status : vendor contacted
Problems : remote buffer overflow
--- INTRO ---
The Webalizer is a web server log file analysis program
which produces usage statistics in HTML format for
viewing with a browser. The results are presented in both
columnar and graphical format, which facilitates
interpretation.
Webalizer 2.01-06 is a part of the Red Hat Linux 7.2
distribution, enabled by default and run daily by the cron
daemon.
--- PROBLEM ---
The Webalizer has the ability to perform reverse DNS lookups.
This ability is disabled by default, but if enabled, an
attacker who controls his own DNS service can gain remote
root access to a machine, due to a remote buffer overflow in
the reverse resolving code.
Public key:
http://spybreak.host.sk