From owner-freebsd-security  Mon Apr 29  9:18:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [63.167.241.66])
	by hub.freebsd.org (Postfix) with ESMTP id D771637B405
	for <security@freebsd.org>; Mon, 29 Apr 2002 09:18:55 -0700 (PDT)
Received: (from str@localhost)
	by giganda.komkon.org (8.11.3/8.11.3) id g3TGIt821629
	for security@freebsd.org; Mon, 29 Apr 2002 12:18:55 -0400 (EDT)
	(envelope-from str)
Date: Mon, 29 Apr 2002 12:18:55 -0400 (EDT)
From: Igor Roshchin <str@giganda.komkon.org>
Message-Id: <200204291618.g3TGIt821629@giganda.komkon.org>
To: security@freebsd.org
Subject: Webalizer - is FreeBSD port vulnerable ?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hello!

Webalizer is found to have a buffer overflow that is reportedly
remotely exploitable.
http://online.securityfocus.com/archive/1/267551
http://online.securityfocus.com/bid/4504
http://www.mrunix.net/webalizer/news.html


The second link above contains a list of vulnerable versions / OSes.
The only BSD-ish system mentioned is MacOS-X.
Is any of the versions of FreeBSD port vulnerable ?

Best,

Igor



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message