Bug 63616
| Summary: | Remote Buffer Overflow in Webalizer | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Bruce Garlock <bruce> |
| Component: | webalizer | Assignee: | Than Ngo <than> |
| Status: | CLOSED RAWHIDE | Keywords: | Security |
| Severity: | medium | Priority: | medium |
| Version: | 7.2 | CC: | chris.ricker |
| Hardware: | i386 | OS: | Linux |
| Last Closed: | 2002-04-18 00:20:04 UTC | Doc Type: | Bug Fix |

Description
Bruce Garlock
2002-04-16 12:02:18 UTC

Could you please give a testcase showing how to reproduce this bug? Thanks.

Is this the same problem as the one outlined on http://lwn.net/2001/1108/a/webalizer.php3? Sounds alike (and this is supposed to be fixed in -09; if you're still seeing this problem in -09, please provide a sample exploit or any other hint on why you think it's still a problem).

It is the same.
Brad just released webalizer-2.01-10 which fixes it. From his bugtraq post:
<quote>
Date: Wed, 17 Apr 2002 02:19:37 -0400 (EDT)
From: Bradford L. Barrett <brad>
To: Franck Coppola <franck>
Cc: Spybreak <spybreak>, bugtraq,
vulnwatch
Subject: Re: Remote buffer overflow in Webalizer

> Here is a patch to fix the vulnerability (tested against webalizer-2.01-06).

Bad fix.. while it will prevent the buffer from overflowing (which I still
fail to see how can be used to execute a 'root' exploit, even with a LOT
of imagination), but will cause the buffer to be filled with a non-null
terminated string which will do all sorts of nasty things to your output,
not to mention wreak havoc on the stats since you are cutting off the
domain portion, not the hostname part, and adding random garbage at the
end.

Anyway, Version 2.01-10 has been released, which fixes this and a few
other buglets that have been discovered in the last month or so. Get it
at the usual place (web: www.mrunix.net/webalizer/ or www.webalizer.org
or ftp: ftp.mrunix.net/pub/webalizer/), and should be on the mirror sites
soon.
</quote>

2.01-10 in rawhide.
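
The failure mode described in the quoted Bugtraq post (a length-limited copy that leaves the buffer unterminated and keeps the wrong end of the name), shown next to a copy that always terminates and keeps the domain suffix. This is an added C example, not Webalizer's code or either patch from the thread; `HOST_MAX`, the function names and the sample hostname are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 16  /* hypothetical size; the page does not give Webalizer's */

/* 1 if buf[0..size-1] holds a terminating NUL, else 0. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Bounded only (stand-in for the rejected patch): strncpy() writes no NUL
 * when strlen(src) >= size, and keeps the head, so the domain is lost. */
void copy_host_bounded_only(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
}

/* Bounded, always terminated, keeps the tail (domain) of an over-long name.
 * Returns 1 if truncated, 0 if it fit, -1 on bad arguments. */
int copy_host_keep_domain(char *dst, size_t size, const char *src)
{
    size_t len, skip;
    const char *dot;

    if (dst == NULL || src == NULL || size == 0)
        return -1;
    len = strlen(src);
    if (len < size) {
        memcpy(dst, src, len + 1);
        return 0;
    }
    skip = len - (size - 1);          /* bytes dropped from the front */
    /* Cut at a label boundary where possible, so no partial label remains. */
    dot = (src[skip - 1] == '.') ? NULL : strchr(src + skip, '.');
    if (dot != NULL && dot[1] != '\0')
        skip = (size_t)(dot + 1 - src);
    memcpy(dst, src + skip, len - skip + 1);
    return 1;
}

int main(void)
{
    char out[HOST_MAX];
    /* constructed sample name */
    int t = copy_host_keep_domain(out, sizeof out, "very-long-hostname.example.com");
    printf("truncated=%d host=%s\n", t, out);
    return 0;
}
```

The return value lets the caller log or count truncated names instead of silently recording a shortened host.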