- Issued: 2003-02-06
- Updated: 2003-02-05
RHSA-2002:255 - Security Advisory
Synopsis
webalizer security update
Type/Severity
Security Advisory: Moderate
Topic
Updated Webalizer packages are available for Red Hat Linux Advanced Server
2.1 which fix an obscure buffer overflow bug in the DNS resolver code.
[Updated 13 Jan 2003]
Added fixed packages for the Itanium (IA64) architecture.
[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1.
Description
Webalizer is a Web server log file analysis program which produces
detailed usage reports in HTML format.
A buffer overflow in Webalizer versions prior to 2.01-10, when configured
to use reverse DNS lookups, may allow remote attackers to execute arbitrary
code by connecting to the monitored Web server from an IP address that
resolves to a long hostname.
Users of Webalizer are advised to upgrade to these errata packages which
contain Webalizer version 2.01-09 with backported security and bug fix patches.
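The bug class described above, a resolver-supplied hostname written into a fixed-size buffer, is avoided by checking the length before copying and falling back to the IP address when the name does not fit. The following C example is added here for illustration and is not Webalizer's code or the Red Hat patch; `HOST_MAX`, `struct host_rec`, `copy_bounded` and `record_host` are hypothetical names, and the addresses and hostnames are constructed sample input.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64                 /* assumed size of the fixed hostname field */

struct host_rec {                   /* hypothetical per-visitor record */
    char name[HOST_MAX];
};

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if src is NULL or too long (dst is left empty). */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    if (dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    end = memchr(src, '\0', dstsz); /* look no further than dstsz bytes */
    if (end == NULL)
        return -1;                  /* name does not fit: refuse it */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Store the reverse-DNS name for a visitor, falling back to the IP text when
 * the resolver result is missing, empty or oversized.
 * Returns 1 if the name was stored, 0 if the IP was stored, -1 if neither fits. */
int record_host(struct host_rec *rec, const char *ip, const char *resolved)
{
    if (copy_bounded(rec->name, sizeof rec->name, resolved) == 0 && rec->name[0] != '\0')
        return 1;
    if (copy_bounded(rec->name, sizeof rec->name, ip) == 0)
        return 0;
    return -1;
}

int main(void)
{
    struct host_rec rec;
    char longname[301];             /* constructed oversized PTR result */
    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("%d %s\n", record_host(&rec, "192.0.2.10", "client.example.test"), rec.name);
    printf("%d %s\n", record_host(&rec, "192.0.2.10", longname), rec.name);
    return 0;
}
```

Refusing an oversized name rather than truncating it keeps the report from showing a partial hostname that could be mistaken for a different host.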
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Workstation 2 ia64
Fixes
- BZ - 77342 - obscure buffer overflow bug in the DNS resolver code.
CVEs
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.