A buffer overflow in Webalizer versions prior to 2.01-10, when configured
to use reverse DNS lookups, may allow remote attackers to execute arbitrary
code by connecting to the monitored web server from an IP address that
resolves to a long hostname.
It's fixed in 2.01_09-1.72