
Re: [cobalt-security] Webalizer Remote Root Access



The version on cobalt-aid is 2.01-9 currently.
I've seen that -10 is now out and fixes this (even though, apparently,
it's not quite as big a problem as the BugTraq original poster made it
out to be).

I will look into generating new builds.

Tue, 2002-04-16 at 03:32, Brian Rahill wrote:
> Hi All,
> 
> I assume others have seen this bugtraq posting about webalizer (see below):
> 
> A couple of questions: Is the pkgmaster version vulnerable (seems like it
> is)? How about the one from cobalt-aid.sourceforge.net?
> 
> This seems like a pretty serious threat. Can anyone verify if other
> versions that have reverse enabled are vulnerable? Should we all turn
> reverse off immediately or what?
> 
> --- Brian
> 
> ++++++++++++++++++++++++++++
> Begin Bugtraq Posting
> 
> --- INTRO ---
> The Webalizer is a web server log file analysis program
> which produces usage statistics in HTML format for
> viewing with a browser. The results are presented in both
> columnar and graphical format, which facilitates
> interpretation.
> Webalizer 2.01-06 is a part of the Red Hat Linux 7.2
> distribution, enabled by default and run daily by the cron
> daemon.
> 
> --- PROBLEM ---
> The webalizer has the ability to perform reverse DNS lookups.
> This ability is disabled by default, but if enabled, an
> attacker with command over his own DNS service has the
> ability to gain remote root access to a machine, due to a remote
> buffer overflow in the reverse resolving code.
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> 
-- 

Martin Moeller
Liga LinDist ApS.
Faelledvej 16D
DK-2200  Copenhagen N
Tel: +45 35 36 95 05
Fax: +45 35 36 92 05

http://www.liga.dk
mailto: martin@xxxxxxx
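The practical question in the thread is whether a given box has reverse lookups switched on at all, since the advisory says the overflow is only reachable when they are. The script below is an added example, written for this archive page and not taken from the thread or from the Webalizer project: it reads a webalizer.conf and reports whether reverse DNS is enabled. It assumes, from the Webalizer 2.01 configuration file as I know it, that lookups are active only when an uncommented `DNSCache <file>` line and a `DNSChildren <n>` line with n greater than 0 are both present; `DNSChildren` absent or 0 means the resolver code is never run. The two sample config files are constructed inline so the script runs stand-alone.

```shell
#!/bin/sh
# Added example, not from the cobalt-security thread or the Webalizer project.
# Assumption: Webalizer 2.01 performs reverse DNS lookups only when both
# "DNSCache <file>" and "DNSChildren <n>" (n > 0) are set and uncommented.

# Print the effective value of one config key; the last uncommented
# occurrence wins, matching is case-insensitive, "#" lines are ignored.
webalizer_conf_value() {
    key=$1
    file=$2
    awk -v k="$key" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(k) { v = $2 }
        END { print v }
    ' "$file"
}

# Exit status 0 if reverse DNS lookups are enabled in the config, 1 otherwise.
webalizer_reverse_dns_enabled() {
    file=$1
    cache=$(webalizer_conf_value DNSCache "$file")
    children=$(webalizer_conf_value DNSChildren "$file")
    [ -n "$cache" ] && [ "${children:-0}" -gt 0 ] 2>/dev/null
}

# One-line report per file, for running over every webalizer.conf on a host.
webalizer_dns_report() {
    file=$1
    if webalizer_reverse_dns_enabled "$file"; then
        echo "$file: reverse DNS lookups ENABLED (DNSChildren=$(webalizer_conf_value DNSChildren "$file"))"
    else
        echo "$file: reverse DNS lookups disabled"
    fi
}

# Constructed sample configs (not real host data) so the script runs as-is.
SAMPLE_ON=$(mktemp)
cat > "$SAMPLE_ON" <<'EOF'
LogFile /var/log/httpd/access_log
DNSCache /var/lib/webalizer/dns_cache.db
DNSChildren 10
EOF

SAMPLE_OFF=$(mktemp)
cat > "$SAMPLE_OFF" <<'EOF'
LogFile /var/log/httpd/access_log
#DNSCache /var/lib/webalizer/dns_cache.db
#DNSChildren 10
DNSChildren 0
EOF

webalizer_dns_report "$SAMPLE_ON"
webalizer_dns_report "$SAMPLE_OFF"
```

On a real server replace the sample paths with the installed webalizer.conf (for example under /etc) and run it for each virtual host's config; a file that reports ENABLED is one where commenting out `DNSChildren` (or setting it to 0) turns the resolver off until the fixed package is installed.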