RHEL 2.1 : webalizer (RHSA-2002:255)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated Webalizer packages are available for Red Hat Linux Advanced
Server 2.1 which fix an obscure buffer overflow bug in the DNS
resolver code.

[Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64)

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation

Webalizer is a Web server log file analysis program which produces
detailed usage reports in HTML format.

A buffer overflow in Webalizer versions prior to 2.01-10, when
configured to use reverse DNS lookups, may allow remote attackers to
execute arbitrary code by connecting to the monitored Web server from
an IP address that resolves to a long hostname.

Users of Webalizer are advised to upgrade to these errata packages
which contain Webalizer version 2.01-09 with backported security and
bug fix patches.

Solution :

Update the affected webalizer package.

Risk factor :

High / CVSS Base Score : 7.5

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12333

CVE ID: CVE-2002-0180