Red Hat Local Security Checks : RedHat Security Advisory RHSA-2002:255

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51220

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2002:255

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2002:255.

Updated Webalizer packages are available for Red Hat Linux Advanced Server
2.1 which fix an obscure buffer overflow bug in the DNS resolver code.

[Updated 13 Jan 2003]
Added fixed packages for the Itanium (IA64) architecture.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

Webalizer is a Web server log file analysis program which produces
detailed usage reports in HTML format.

A buffer overflow in Webalizer versions prior to 2.01-10, when configured
to use reverse DNS lookups, may allow remote attackers to execute arbitrary
code by connecting to the monitored Web server from an IP address that
resolves to a long hostname.

Users of Webalizer are advised to upgrade to these errata packages which
contain Webalizer version 2.01-09 with backported security and bug fix patches.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-255.html
http://marc.theaimsgroup.com/?l=bugtraq&m=101888467527673

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 4504
Common Vulnerability Exposure (CVE) ID: CVE-2002-0180
http://www.securityfocus.com/bid/4504
Bugtraq: 20020415 Remote buffer overflow in Webalizer (Google Search)
http://marc.info/?l=bugtraq&m=101888467527673&w=2
CERT/CC vulnerability note: VU#582923
http://www.kb.cert.org/vuls/id/582923
XForce ISS Database: webalizer-reverse-dns-bo(8837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8837

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51220
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2002:255
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2002:255. Updated Webalizer packages are available for Red Hat Linux Advanced Server 2.1 which fix an obscure buffer overflow bug in the DNS resolver code. [Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 Webalizer is a Web server log file analysis program which produces detailed usage reports in HTML format. A buffer overflow in Webalizer versions prior to 2.01-10, when configured to use reverse DNS lookups, may allow remote attackers to execute arbitrary code by connecting to the monitored Web server from an IP address that resolves to a long hostname. Users of Webalizer are advised to upgrade to these errata packages which contain Webalizer version 2.01-09 with backported security and bug fix patches. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-255.html http://marc.theaimsgroup.com/?l=bugtraq&m=101888467527673 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 4504 Common Vulnerability Exposure (CVE) ID: CVE-2002-0180 http://www.securityfocus.com/bid/4504 Bugtraq: 20020415 Remote buffer overflow in Webalizer (Google Search) http://marc.info/?l=bugtraq&m=101888467527673&w=2 CERT/CC vulnerability note: VU#582923 http://www.kb.cert.org/vuls/id/582923 XForce ISS Database: webalizer-reverse-dns-bo(8837) https://exchange.xforce.ibmcloud.com/vulnerabilities/8837
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com