From owner-freebsd-security  Mon Apr 29 11: 0:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from tomts10-srv.bellnexxia.net (tomts10.bellnexxia.net [209.226.175.54])
	by hub.freebsd.org (Postfix) with ESMTP id 860A237B423
	for <security@freebsd.org>; Mon, 29 Apr 2002 11:00:11 -0700 (PDT)
Received: from shall.anarcat.dyndns.org ([65.94.190.137])
          by tomts10-srv.bellnexxia.net
          (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP
          id <20020429180010.IMTA5561.tomts10-srv.bellnexxia.net@shall.anarcat.dyndns.org>;
          Mon, 29 Apr 2002 14:00:10 -0400
Received: from lenny.anarcat.dyndns.org (lenny.anarcat.dyndns.org [192.168.0.4])
	by shall.anarcat.dyndns.org (Postfix) with SMTP
	id EC10F7A; Mon, 29 Apr 2002 13:59:36 -0400 (EDT)
Received: by lenny.anarcat.dyndns.org (sSMTP sendmail emulation); Mon, 29 Apr 2002 13:59:01 -0400
Date: Mon, 29 Apr 2002 13:59:01 -0400
From: The Anarcat <anarcat@anarcat.dyndns.org>
To: Igor Roshchin <str@giganda.komkon.org>
Cc: security@freebsd.org
Subject: Re: Webalizer - is FreeBSD port vulnerable ?
Message-ID: <20020429175901.GC321@lenny.anarcat.dyndns.org>
References: <200204291618.g3TGIt821629@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Sr1nOIr3CvdE5hEN"
Content-Disposition: inline
In-Reply-To: <200204291618.g3TGIt821629@giganda.komkon.org>
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--Sr1nOIr3CvdE5hEN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

IIRC, the port was fixed not long ago. Please see the security
advisory.

A.

On Mon Apr 29, 2002 at 12:18:55PM -0400, Igor Roshchin wrote:
>=20
> Hello!
>=20
> Webalizer is found to have a buffer overflow that is reportedly
> remotely exploitable.
> http://online.securityfocus.com/archive/1/267551
> http://online.securityfocus.com/bid/4504
> http://www.mrunix.net/webalizer/news.html
>=20
>=20
> The second link above contains a list of vulnerable versions / OSes.
> The only BSD-ish system mentioned is MacOS-X.
> Is any of the versions of FreeBSD port vulnerable ?
>=20
> Best,
>=20
> Igor
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


--=20
Imagination is more important than knowledge
                        - Albert Einstein

--Sr1nOIr3CvdE5hEN
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzNieQACgkQttcWHAnWiGfeMACdFOY5LxXckTpBX5zGgQeZaHup
FxgAn3JYIWxQdfHpe2NFZOueHJSTS+X6
=Xhgw
-----END PGP SIGNATURE-----

--Sr1nOIr3CvdE5hEN--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message