[25100] in bugtraq
Re: Remote buffer overflow in Webalizer
daemon@ATHENA.MIT.EDU (Franck Coppola)
Wed Apr 17 02:47:05 2002
Message-ID: <20020415225916.13076.qmail@ns364.ovh.net>
In-Reply-To: <20020415131547.M31014@host.sk>
From: "Franck Coppola" <franck@hosting42.com>
To: "Spybreak" <spybreak@host.sk>
Cc: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org, brad@mrunix.net
Date: Mon, 15 Apr 2002 22:59:16 GMT
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_0_13075_1018911556"; charset="iso-8859-1"
--=_0_13075_1018911556
Content-Type: text/plain; format=flowed; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Here is a patch to fix the vulnerability (tested against webalizer-2.01-06).
Franck
Spybreak writes:
> Release : April 15 2002
> Author : Spybreak (spybreak@host.sk)
> Software : Webalizer
> Version : 2.01-09, 2.01-06
> URL : http://www.mrunix.net/webalizer/
> Status : vendor contacted
> Problems : remote buffer overflow
>
>
>
>
> --- INTRO ---
>
> The Webalizer is a web server log file analysis program
> which produces usage statistics in HTML format for
> viewing with a browser. The results are presented in both
> columnar and graphical format, which facilitates
> interpretation.
>
> Webalizer 2.01-06 is a part of the Red Hat Linux 7.2
> distribution, enabled by default and run daily by the cron
> daemon.
>
>
> --- PROBLEM ---
>
> The webalizer has the ability to perform reverse DNS lookups.
> This ability is disabled by default, but if enabled, an
> attacker with command over his own DNS service has the
> ability to gain remote root access to a machine, due to a remote
> buffer overflow in the reverse resolving code.
>
>
> Public key:
> http://spybreak.host.sk
>
--=_0_13075_1018911556
Content-Disposition: attachment; filename="patch.webalizer"
Content-Type: application/octet-stream; name="patch.webalizer"
Content-Transfer-Encoding: base64
--=_0_13075_1018911556--
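
An added example, not part of the original message, the attached patch, or Webalizer's source: one way to treat a reverse-DNS answer as untrusted input before it is stored in a fixed-size buffer, falling back to the IP address when the name is oversized or malformed. `HOST_BUF`, `checked_len` and `store_resolved_name` are hypothetical names, the 64-byte size is an assumption, and the character allowlist is an extra hardening choice made here.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF 64  /* assumed size of the fixed record field (hypothetical) */

/* Length of `name` if it is non-empty, fits in `cap` bytes including the
 * terminator, and uses only hostname characters; 0 otherwise. */
static size_t checked_len(const char *name, size_t cap)
{
    size_t n = 0;
    if (name == NULL || cap == 0)
        return 0;
    for (; name[n] != '\0'; n++) {
        unsigned char c = (unsigned char)name[n];
        if (n + 1 >= cap)               /* no room left for the NUL */
            return 0;
        if (!isalnum(c) && c != '-' && c != '.' && c != '_')
            return 0;                   /* PTR data is attacker-controlled */
    }
    return n;
}

/* Store the resolver's answer in dst, or the IP string when the answer is
 * missing, too long, or malformed. Returns 1 if the name was used, else 0. */
int store_resolved_name(char dst[HOST_BUF], const char *resolved, const char *ip)
{
    size_t n = checked_len(resolved, HOST_BUF);
    if (n > 0) {
        memcpy(dst, resolved, n + 1);   /* length verified above */
        return 1;
    }
    strncpy(dst, ip ? ip : "", HOST_BUF - 1);
    dst[HOST_BUF - 1] = '\0';           /* strncpy may not terminate */
    return 0;
}

int main(void)
{
    char buf[HOST_BUF], big[300];       /* constructed sample inputs */
    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d %s\n", store_resolved_name(buf, "crawler-01.example.net", "192.0.2.10"), buf);
    printf("%d %s\n", store_resolved_name(buf, big, "192.0.2.10"), buf);
    return 0;
}
```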