
RE: [cobalt-users] URGENT: Webalizer 2.01-09 / 2.01-06 Vulnerability
> http://www.securiteam.com/securitynews/5VP0B1P6UY.html
>
> If you don't know if this affects you, look at your stats and see if
> Agents by Country is reporting anything other than "100% Unknown/Unresolved"
> - if it does then your webalizer is vulnerable via rDNS.
>
> Quick Fix:
>
> Unfortunately, the only way to prevent this until the latest release is out
> for Cobalt users is to edit the /etc/httpd/conf/httpd.conf file. Open it up
> and locate the line that says
>
> HostnameLookups on
>
> Comment this line out and add one for "off"
>
> #HostnameLookups on
> HostnameLookups off
>
> That should do it. Unfortunately, your clients will be unable to generate
> by country stats until it's resolved, so you will probably want to contact
> your clients before doing it. It's only been a day since it was released,
> so let's see what happens; I'm sure the pkgmaster.com folks will update
> webalizer as soon as webalizer itself updates to fix this problem.

Another panic message to the masses ....

Quoted from the Webalizer site:

"April 16, 2002   Version 2.01-10 has been released. This version is only a
bug fix release with no new features added. It corrects some problems with
extended characters, mismatched KByte totals, blank hostname weirdness and a
very obscure buffer overflow. The buffer overflow was incorrectly reported
to BugTraq as a remote buffer overflow that allows a root compromise. Unless
you believe that any buffer overflow allows root access to a box, this is
quite a stretch. Anyway, I took the opportunity to not only fix the obscure
buffer overflow, but some of the other minor buglets that have surfaced in
the last month or so."

So download, compile and install version 2.01-10, easy.

Matt Brown
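An added check for the httpd.conf quick fix quoted above (example script, not from either poster or from Webalizer). It reports the effective HostnameLookups value the way Apache reads the directive (case-insensitive, comment lines ignored, last occurrence wins) so a commented-out "on" line followed by "off" is correctly read as off; the two config fragments are constructed samples, and the vulnerable/not-vulnerable split follows the post's rule that reverse lookups being on is what exposes webalizer.

```shell
# Constructed sample httpd.conf fragments: the setting as the post describes
# it before the quick fix, and the same file after commenting the line out
# and adding "HostnameLookups off".
HTTPD_CONF_BEFORE='ServerName www.example.invalid
HostnameLookups on
LogFormat "%h %l %u %t \"%r\" %>s %b" common'

HTTPD_CONF_AFTER='ServerName www.example.invalid
#HostnameLookups on
HostnameLookups off
LogFormat "%h %l %u %t \"%r\" %>s %b" common'

# Print the effective HostnameLookups value for a config read on stdin.
# Apache matches directive names case-insensitively, skips lines whose first
# non-blank character is '#', and uses the last occurrence; when the directive
# is absent the compiled-in default (Off) applies.
effective_hostname_lookups() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "hostnamelookups" { value = tolower($2) }
        END { print (value == "" ? "off" : value) }
    '
}

# Exit 0 when reverse lookups are enabled ("on" or "double"), i.e. the
# condition the post says leaves webalizer exposed via rDNS; 1 otherwise.
rdns_lookups_enabled() {
    case "$(effective_hostname_lookups)" in
        on|double) return 0 ;;
        *)         return 1 ;;
    esac
}

# Stand-alone usage: audit the two samples, then a real file if one is given.
printf '%s\n' "$HTTPD_CONF_BEFORE" | effective_hostname_lookups
printf '%s\n' "$HTTPD_CONF_AFTER"  | effective_hostname_lookups
[ -n "$1" ] && effective_hostname_lookups < "$1"
```

Run it as `sh check_lookups.sh /etc/httpd/conf/httpd.conf` to audit a live file; the script never changes the config, it only reports what Apache will use.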