Overview
A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10.
Description
webalizer is a web server log file analysis program. webalizer has the ability do resolve hostnames as part of the process of generating reports. A buffer overflow exists in the code that resolves the hostnames. As a result, an attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges. Note that webalizer would have to be actively performing a DNS lookup in order for this vulnerability to be exploited. |
Impact
An attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges. |
Solution
Apply a vendor patch. If a patch is not available, upgrade to version 2.01-10 or later. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Spybreak for reporting this vulnerability.
This document was written by Ian A Finlay.
Other Information
| CVE IDs: | CVE-2002-0180 |
| Severity Metric: | 16.67 |
| Date Public: | 2002-04-15 |
| Date First Published: | 2002-10-28 |
| Date Last Updated: | 2002-10-28 17:45 UTC |
| Document Revision: | 8 |