This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated Webalizer packages are available for Red Hat Linux Advanced
Server 2.1 which fix an obscure buffer overflow bug in the DNS
[Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64)
[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
Webalizer is a Web server log file analysis program which produces
detailed usage reports in HTML format.
A buffer overflow in Webalizer versions prior to 2.01-10, when
configured to use reverse DNS lookups, may allow remote attackers to
execute arbitrary code by connecting to the monitored Web server from
an IP address that resolves to a long hostname.
Users of Webalizer are advised to upgrade to these errata packages
which contain Webalizer version 2.01-09 with backported security and
bug fix patches.
See also :
Update the affected webalizer package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12333 ()
CVE ID: CVE-2002-0180