Test ID:	1.3.6.1.4.1.25623.1.0.51220
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2002:255
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2002:255. Updated Webalizer packages are available for Red Hat Linux Advanced Server 2.1 which fix an obscure buffer overflow bug in the DNS resolver code. [Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 Webalizer is a Web server log file analysis program which produces detailed usage reports in HTML format. A buffer overflow in Webalizer versions prior to 2.01-10, when configured to use reverse DNS lookups, may allow remote attackers to execute arbitrary code by connecting to the monitored Web server from an IP address that resolves to a long hostname. Users of Webalizer are advised to upgrade to these errata packages which contain Webalizer version 2.01-09 with backported security and bug fix patches. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-255.html http://marc.theaimsgroup.com/?l=bugtraq&m=101888467527673 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 4504 Common Vulnerability Exposure (CVE) ID: CVE-2002-0180 http://www.securityfocus.com/bid/4504 Bugtraq: 20020415 Remote buffer overflow in Webalizer (Google Search) http://marc.info/?l=bugtraq&m=101888467527673&w=2 CERT/CC vulnerability note: VU#582923 http://www.kb.cert.org/vuls/id/582923 XForce ISS Database: webalizer-reverse-dns-bo(8837) https://exchange.xforce.ibmcloud.com/vulnerabilities/8837
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.