CVE
- Id
- 4573
- CVE No.
- CVE-2002-0180
- Status
- Candidate
- Description
- Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.
- Phase
- Modified (20050510)
- Votes
- ACCEPT(4) Baker, Cole, Cox, Green | MODIFY(2) Frech, Jones | NOOP(4) Armstrong, Christey, Foat, Wall
- Comments
- Cox> According to the author of Webalizer the issue is not remotely | exploitable, but this hasn"t been confirmed by us yet. Needs | investigation. | | http://www.mrunix.net/webalizer/news.html | CHANGE> [Cox changed vote from MODIFY to REVIEWING] | Cox> Author says this cannot be exploited to execute arbitrary code | Jones> Description of acknowledged vulnerability indicates remotely | exploitable (buffer overflow is in code which is processing | input from a remote system (a DNS server)); root or non-root | depends on privileges of resolver process (which is likely | same as privileges of Webalizer process). So, remotely | exploitable to run arbitrary code with privileges of the | Webalizer process. | Cox> I actually meant that the author doesn"t think this is an exploitable | overflow at all, see | | ---------- Forwarded message ---------- | Date: Wed, 17 Apr 2002 02:19:37 -0400 (EDT) | From: Bradford L. Barrett <brad@mrunix.net> | To: Franck Coppola <franck@hosting42.com> | Cc: Spybreak <spybreak@host.sk>, bugtraq@securityfocus.com, | vulnwatch@vulnwatch.org | Subject: Re: Remote buffer overflow in Webalizer | | | > Here is a patch to fix the vulnerability (tested against webalizer-2.01-06). | | Bad fix.. while it will prevent the buffer from overflowing (which I still | fail to see how can be used to execute a "root" exploit, even with a LOT | of imagination), but will cause the buffer to be filled with a non-null | terminated string which will do all sorts of nasty things to your output, | not to mention wreak havoc on the stats since you are cutting off the | domain portion, not the hostname part, and adding random garbage at the | end. | | Anyway, Version 2.01-10 has been released, which fixes this and a few | other buglets that have been discovered in the last month or so. Get it | at the usual place (web: www.mrunix.net/webalizer/ or www.webalizer.org | or ftp: ftp.mrunix.net/pub/webalizer/), and should be on the mirror sites | soon. | | -- | Bradford L. Barrett brad@mrunix.net | A free electron in a sea of neutrons DoD#1750 KD4NAW | | | Christey> XF:webalizer-reverse-dns-bo(8837) | URL:http://www.iss.net/security_center/static/8837.php | BID:4504 | URL:http://www.securityfocus.com/bid/4504 | VULNWATCH:20020415 [VulnWatch] Remote buffer overflow in Webalizer | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0017.html | ENGARDE:ESA-20020423-009 | CONECTIVA:CLA-2002:476 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000476 | CHANGE> [Cox changed vote from REVIEWING to ACCEPT] | Cox> after reviewing I agree with the description given | Frech> XF: webalizer-reverse-dns-bo(8837) | Christey> REDHAT:RHSA-2002:254 | Christey> CALDERA:CSSA-2002-036.0 | (note: CVE-2002-1234 was accidentally assigned to that Caldera | advisory, but this is the correct CAN to use)
