RHEL 2.1 : webalizer (RHSA-2002:255)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated Webalizer packages are available for Red Hat Linux Advanced
Server 2.1 which fix an obscure buffer overflow bug in the DNS
resolver code.

[Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64)
architecture.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
2.1.

Webalizer is a Web server log file analysis program which produces
detailed usage reports in HTML format.

A buffer overflow in Webalizer versions prior to 2.01-10, when
configured to use reverse DNS lookups, may allow remote attackers to
execute arbitrary code by connecting to the monitored Web server from
an IP address that resolves to a long hostname.

Users of Webalizer are advised to upgrade to these errata packages
which contain Webalizer version 2.01-09 with backported security and
bug fix patches.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0180.html
http://marc.info/?l=bugtraq&m=101888467527673
http://rhn.redhat.com/errata/RHSA-2002-255.html

Solution :

Update the affected webalizer package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12333

Bugtraq ID:

CVE ID: CVE-2002-0180