[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Webalizer Remote Root Access
- Subject: [cobalt-security] Webalizer Remote Root Access
- From: Brian Rahill <cobalt@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 15 Apr 2002 21:32:56 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi All,
I assume others have seen this bugtraq posting about webalizer (see below):
A couple questions: Is the pkgmaster version vulnerable (seems like it
is)? How about the one from cobalt-aid.sourceforge.net?
This seems like a pretty serious threat. Can anyone verify if other
versions that have reverse enabled are vulnerable? Should we all turn
reverse off immediately or what?
--- Brian
++++++++++++++++++++++++++++
Begin Bugtraq Posting
--- INTRO ---
The Webalizer is a web server log file analysis program
which produces usage statistics in HTML format for
viewing with a browser. The results are presented in both
columnar and graphical format, which facilitates
interpretation.
Webalizer 2.01-06 is a part of the Red Hat Linux 7.2
distribution, enabled by default and run daily by the cron
daemon.
--- PROBLEM ---
The webalizer has the ability to perform reverse DNS lookups.
This ability is disabled by default, but if enabled, an
attacker with command over his own DNS service, has the
ability to gain remote root acces to a machine, due to a remote
buffer overflow in the reverse resolving code.