From owner-freebsd-security  Mon Apr 29 10: 4:40 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.texas-shooters.com (bdsl.66.12.242.27.gte.net [66.12.242.27])
	by hub.freebsd.org (Postfix) with ESMTP id 7324737B428
	for <freebsd-security@freebsd.org>; Mon, 29 Apr 2002 10:04:00 -0700 (PDT)
Received: (from root@localhost)
	by mail.texas-shooters.com (8.12.1/8.12.1) id g3TGtMdd018037
	for freebsd-security@freebsd.org; Mon, 29 Apr 2002 11:55:22 -0500 (CDT)?g
	(envelope-from el_kab0ng@mail.texas-shooters.com)œ
Received: from mail.texas-shooters.com (localhost [127.0.0.1])
	by mail.texas-shooters.com (8.12.1/8.12.1av) with ESMTP id g3TGtI0f018030
	for <freebsd-security@freebsd.org>; Mon, 29 Apr 2002 11:55:19 -0500 (CDT)?g
	(envelope-from el_kab0ng@mail.texas-shooters.com)
Received: (from el_kab0ng@localhost)
	by mail.texas-shooters.com (8.12.1/8.12.1/Submit) id g3TGtIbT018029
	for freebsd-security@freebsd.org; Mon, 29 Apr 2002 11:55:18 -0500 (CDT)?g
	(envelope-from el_kab0ng)
Date: Mon, 29 Apr 2002 11:55:18 -0500
From: pr0ject <el_kab0ng@texas-shooters.com>
To: freebsd-security@freebsd.org
Subject: Re: Webalizer - is FreeBSD port vulnerable ?
Message-ID: <20020429115518.A17943@mail.texas-shooters.com>
References: <200204291618.g3TGIt821629@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200204291618.g3TGIt821629@giganda.komkon.org>; from str@giganda.komkon.org on Mon, Apr 29, 2002 at 12:18:55PM -0400
X-righteous-weapon: AK-47, of course. 
X-planation: Happiness is a warm gun.
X-bitch: I miss my ex-wife... but with this new laser sight...
X-website: http://www.texas-shooters.com
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

it's only exploitable if you let the world see your stats.

IMHO, info like this should always be htaccessed.

Today str@giganda.komkon.org spoke in tongue:
** 
** Hello!
** 
** Webalizer is found to have a buffer overflow that is reportedly
** remotely exploitable.
** http://online.securityfocus.com/archive/1/267551
** http://online.securityfocus.com/bid/4504
** http://www.mrunix.net/webalizer/news.html
** 
** 
** The second link above contains a list of vulnerable versions / OSes.
** The only BSD-ish system mentioned is MacOS-X.
** Is any of the versions of FreeBSD port vulnerable ?
** 
** Best,
** 
** Igor
** 
** 
** 
** To Unsubscribe: send mail to majordomo@FreeBSD.org
** with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message