search menu icon-carat-right cmu-wordmark

CERT Coordination Center

webalizer vulnerable to buffer overflow when performing reverse DNS lookups

Vulnerability Note VU#582923

Original Release Date: 2002-10-28 | Last Revised: 2002-10-28

Overview

A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10.

Description

webalizer is a web server log file analysis program.

webalizer has the ability do resolve hostnames as part of the process of generating reports. A buffer overflow exists in the code that resolves the hostnames. As a result, an attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges. Note that webalizer would have to be actively performing a DNS lookup in order for this vulnerability to be exploited.

Impact

An attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges.

Solution

Apply a vendor patch. If a patch is not available, upgrade to version 2.01-10 or later.

Vendor Information

582923
 

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Spybreak for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-0180
Severity Metric: 16.67
Date Public: 2002-04-15
Date First Published: 2002-10-28
Date Last Updated: 2002-10-28 17:45 UTC
Document Revision: 8

Sponsored by CISA.