CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
4573 | CVE-2002-0180 | Candidate | Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname. | Modified (20050510) | ACCEPT(4) Baker, Cole, Cox, Green | MODIFY(2) Frech, Jones | NOOP(4) Armstrong, Christey, Foat, Wall | Cox> According to the author of Webalizer the issue is not remotely | exploitable, but this hasn't been confirmed by us yet. Needs | investigation. | | http://www.mrunix.net/webalizer/news.html | CHANGE> [Cox changed vote from MODIFY to REVIEWING] | Cox> Author says this cannot be exploited to execute arbitrary code | Jones> Description of acknowledged vulnerability indicates remotely | exploitable (buffer overflow is in code which is processing | input from a remote system (a DNS server)); root or non-root | depends on privileges of resolver process (which is likely | same as privileges of Webalizer process). So, remotely | exploitable to run arbitrary code with privileges of the | Webalizer process. | Cox> I actually meant that the author doesn't think this is an exploitable | overflow at all, see | | ---------- Forwarded message ---------- | Date: Wed, 17 Apr 2002 02:19:37 -0400 (EDT) | From: Bradford L. Barrett <brad@mrunix.net> | To: Franck Coppola <franck@hosting42.com> | Cc: Spybreak <spybreak@host.sk>, bugtraq@securityfocus.com, | vulnwatch@vulnwatch.org | Subject: Re: Remote buffer overflow in Webalizer | | | > Here is a patch to fix the vulnerability (tested against webalizer-2.01-06). | | Bad fix.. while it will prevent the buffer from overflowing (which I still | fail to see how can be used to execute a "root" exploit, even with a LOT | of imagination), but will cause the buffer to be filled with a non-null | terminated string which will do all sorts of nasty things to your output, | not to mention wreak havoc on the stats since you are cutting off the | domain portion, not the hostname part, and adding random garbage at the | end. | | Anyway, Version 2.01-10 has been released, which fixes this and a few | other buglets that have been discovered in the last month or so. Get it | at the usual place (web: www.mrunix.net/webalizer/ or www.webalizer.org | or ftp: ftp.mrunix.net/pub/webalizer/), and should be on the mirror sites | soon. | | -- | Bradford L. Barrett brad@mrunix.net | A free electron in a sea of neutrons DoD#1750 KD4NAW | | | Christey> XF:webalizer-reverse-dns-bo(8837) | URL:http://www.iss.net/security_center/static/8837.php | BID:4504 | URL:http://www.securityfocus.com/bid/4504 | VULNWATCH:20020415 [VulnWatch] Remote buffer overflow in Webalizer | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0017.html | ENGARDE:ESA-20020423-009 | CONECTIVA:CLA-2002:476 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000476 | CHANGE> [Cox changed vote from REVIEWING to ACCEPT] | Cox> after reviewing I agree with the description given | Frech> XF: webalizer-reverse-dns-bo(8837) | Christey> REDHAT:RHSA-2002:254 | Christey> CALDERA:CSSA-2002-036.0 | (note: CVE-2002-1234 was accidentally assigned to that Caldera | advisory, but this is the correct CAN to use) | View |
5612 | CVE-2002-1228 | Candidate | Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon. | Modified (20050510) | ACCEPT(3) Baker, Cole, Green | NOOP(2) Christey, Cox | REVIEWING(1) Wall | Christey> BID:5986 | URL:http://www.securityfocus.com/bid/5986 | CERT-VN:VU#855635 | URL:http://www.kb.cert.org/vuls/id/855635 | View |
3074 | CVE-2001-0253 | Candidate | Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter. | Modified (20050509) | ACCEPT(1) Frech | NOOP(3) Cole, Wall, Ziese | REVIEWING(1) Bishop | | View |
3094 | CVE-2001-0273 | Candidate | pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext. | Modified (20050509) | MODIFY(1) Frech | NOOP(3) Cole, Wall, Ziese | REVIEWING(1) Bishop | Frech> XF:pgp4pine-expired-keys(6135) | View |
3368 | CVE-2001-0555 | Candidate | ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. | Modified (20050509) | ACCEPT(6) Armstrong, Cole, Foat, Prosser, Stracener, Ziese | MODIFY(1) Frech | NOOP(2) Christey, Wall | Christey> ********************************************************************* | Note that this candidate was inadvertently used in Microsoft bulletin | MS01-044, for an unrelated vulnerability. The ScreamingMedia | SITEware problem is the correct vulnerability for | CVE-2001-0555. A different candidate will be used for the problem | described in the Microsoft bulletin. | ********************************************************************* | Frech> XF:siteware-dot-file-retrieval(6689) | Prosser> http://www01.screamingmedia.com/en/security/sms1001.php | Christey> Consider adding BID:3191 | Christey> CHANGEREF CONFIRM:http://www01.screamingmedia.com/en/security/security_notice.php?doc=sms1001 | CERT-VN:VU#795707 | URL:http://www.kb.cert.org/vuls/id/795707 | BID:2869 | URL:http://www.securityfocus.com/bid/2869 | XF:siteware-dot-file-retrieval(6689) | URL:http://xforce.iss.net/static/6689.php | | *DON'T* add BID:3191 - that's for the Microsoft issue. | View |