Date: Mon, 29 Apr 2002 11:55:18 -0500 From: pr0ject <el_kab0ng@texas-shooters.com> To: freebsd-security@freebsd.org Subject: Re: Webalizer - is FreeBSD port vulnerable ? Message-ID: <20020429115518.A17943@mail.texas-shooters.com> In-Reply-To: <200204291618.g3TGIt821629@giganda.komkon.org>; from str@giganda.komkon.org on Mon, Apr 29, 2002 at 12:18:55PM -0400 References: <200204291618.g3TGIt821629@giganda.komkon.org>
next in thread | previous in thread | raw e-mail | index | archive | help
it's only exploitable if you let the world see your stats. IMHO, info like this should always be htaccessed. Today str@giganda.komkon.org spoke in tongue: ** ** Hello! ** ** Webalizer is found to have a buffer overflow that is reportedly ** remotely exploitable. ** http://online.securityfocus.com/archive/1/267551 ** http://online.securityfocus.com/bid/4504 ** http://www.mrunix.net/webalizer/news.html ** ** ** The second link above contains a list of vulnerable versions / OSes. ** The only BSD-ish system mentioned is MacOS-X. ** Is any of the versions of FreeBSD port vulnerable ? ** ** Best, ** ** Igor ** ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020429115518.A17943>