[cobalt-developers] URGENT: Webalizer 2.01-09 / 2.01-06 Vulnerability
- Subject: [cobalt-developers] URGENT: Webalizer 2.01-09 / 2.01-06 Vulnerability
- From: "Jonothon Ortiz" <jon@xxxxxxxxx>
- Date: Thu Apr 18 07:17:19 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

http://www.securiteam.com/securitynews/5VP0B1P6UY.html

If you don't know if this affects you, look at your stats and see if Agents
by Country is reporting anything other than "100% Unknown/Unresolved" - if
it does then your webalizer is vulnerable via rDNS.

Quick Fix:

Unfortunately, the only way to prevent this until the latest release is out
for Cobalt users is to edit the /etc/httpd/conf/httpd.conf file. Open it up
and locate the line that says

    HostnameLookups on

Comment this line out and add one for "off"

    #HostnameLookups on
    HostnameLookups off

That should do it. Unfortunately, your clients will be unable to generate by
country stats until it's resolved so you will probably want to contact your
clients before doing it. It's only been a day since it was released so let's
see what happens; I'm sure the pkgmaster.com folks will update webalizer as
soon as webalizer itself updates to fix this problem.

Jonothon Ortiz
Vice President
Xnext, Inc.
Ph: 863.298.9698
or 888.84.XNEXT
http://www.Xnext.com
mailto:jon@xxxxxxxxx
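
The quick fix described in the message above, as a script. This is an added example, not part of the original post or of any Cobalt or Webalizer tooling; the function names (hl_active, hl_is_off, hl_disable) are hypothetical, and it assumes a POSIX shell with awk and mktemp and treats "double" as enabled alongside "on".

```shell
#!/bin/sh
# Added example: audit and disable Apache HostnameLookups in a config file.
# Usage: sh hl_check.sh /etc/httpd/conf/httpd.conf   (report only)

# Print every active (uncommented) HostnameLookups directive as "line:value".
# Apache directive names are case-insensitive, so compare in lowercase.
hl_active() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented lines
        tolower($1) == "hostnamelookups" { print NR ":" tolower($2) }
    ' "$1"
}

# Return 0 when no active directive turns lookups on, 1 otherwise.
hl_is_off() {
    if hl_active "$1" | grep -Eq ':(on|double)$'; then
        return 1
    fi
    return 0
}

# Comment out each enabling line and add "HostnameLookups off" after it,
# as in the post. The original file is kept as <file>.bak.
hl_disable() {
    conf=$1
    tmp=$(mktemp) || return 1
    awk '
        !/^[ \t]*#/ && tolower($1) == "hostnamelookups" &&
        tolower($2) ~ /^(on|double)$/ {
            print "#" $0
            print "HostnameLookups off"
            next
        }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Report mode when a config path is given on the command line.
if [ $# -gt 0 ]; then
    hl_active "$1"
    if hl_is_off "$1"; then echo "HostnameLookups: off"
    else echo "HostnameLookups: ENABLED"; fi
fi
```

Calling hl_disable on the config file applies the change; Apache has to be restarted before the new setting takes effect.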