Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020417
Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20050510)
Votes (Legacy)
ACCEPT(4) Baker, Cole, Cox, Green
MODIFY(2) Frech, Jones
NOOP(4) Armstrong, Christey, Foat, Wall
Comments (Legacy)
 Cox> According to the author of Webalizer the issue is not remotely
   exploitable, but this hasn't been confirmed by us yet.  Needs
 CHANGE> [Cox changed vote from MODIFY to REVIEWING]
 Cox> Author says this cannot be exploited to execute arbitrary code
 Jones> Description of acknowledged vulnerability indicates remotely
   exploitable (buffer overflow is in code which is processing
   input from a remote system (a DNS server)); root or non-root
   depends on privileges of resolver process (which is likely
   same as privileges of Webalizer process).  So, remotely
   exploitable to run arbitrary code with privileges of the
   Webalizer process.
 Cox> I actually meant that the author doesn't think this is an exploitable
   overflow at all, see 
   ---------- Forwarded message ----------
   Date: Wed, 17 Apr 2002 02:19:37 -0400 (EDT)
   From: Bradford L. Barrett <>
   To: Franck Coppola <>
   Cc: Spybreak <>,,
   Subject: Re: Remote buffer overflow in Webalizer
   > Here is a patch to fix the vulnerability (tested against webalizer-2.01-06).
   Bad fix.. while it will prevent the buffer from overflowing (which I still
   fail to see how can be used to execute a 'root' exploit, even with a LOT
   of imagination), it will cause the buffer to be filled with a non-null
   terminated string which will do all sorts of nasty things to your output,
   not to mention wreak havoc on the stats since you are cutting off the
   domain portion, not the hostname part, and adding random garbage at the
   Anyway, Version 2.01-10 has been released, which fixes this and a few
   other buglets that have been discovered in the last month or so.  Get it
   at the usual place (web: or
   or ftp:, and should be on the mirror sites
   Bradford L. Barrett            
   A free electron in a sea of neutrons     DoD#1750 KD4NAW
 Christey> XF:webalizer-reverse-dns-bo(8837)
   VULNWATCH:20020415 [VulnWatch] Remote buffer overflow in Webalizer
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Cox> after reviewing I agree with the description given
 Frech> XF: webalizer-reverse-dns-bo(8837)
 Christey> REDHAT:RHSA-2002:254
 Christey> CALDERA:CSSA-2002-036.0
   (note: CVE-2002-1234 was accidentally assigned to that Caldera
   advisory, but this is the correct CAN to use)

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.