SuSE: 'webalizer' cross-site scripting vulnerability

    Date06 Nov 2001
    CategorySuSE
    4129
    Posted ByLinuxSecurity Advisories
    An exploitable bug was found in webalizer which allows a remote attacker to execute commands on other client machines or revealing sensitive information by placing HTML tags in the right place.
    
    ______________________________________________________________________________
    
                            SuSE Security Announcement
    
            Package:                webalizer
            Announcement-ID:        SuSE-SA:2001:040
            Date:                   Tuesday, Nov 06th, 2001 12.00 MET
            Affected SuSE versions: 7.1, 7.2, 7.3
            Vulnerability Type:     remote privilege escalation
                                    (cross-site scripting)
            Severity (1-10):        5
            SuSE default package:   no
            Other affected systems: all linux-like systems using this version
                                    of webalizer
    
            Content of this advisory:
            1) security vulnerability resolved: webalizer
               problem description, discussion, solution and upgrade information
            2) pending vulnerabilities, solutions, workarounds
            3) standard appendix (further information)
    
    ______________________________________________________________________________
    
    1)  problem description, brief discussion, solution, upgrade information
    
        The webalizer is a widely used tool for analyzing web server logs and
        produce statistics in HTML format.
        An exploitable bug was found in webalizer which allows a remote attacker
        to execute commands on other client machines or revealing sensitive
        information by placing HTML tags in the right place. This is possible
        due to missing sanity checks on untrusted data - hostnames and search
        keywords in this case - that are received by webalizer. This kind of attack
        is also known as "Cross-Site Scripting Vulnerability".
        Additionally the untrusted data will be written to files on the server
        running webalizer; this may lead to further problems when using this
        data as input for third-party software/scripts.
    
        There is no known temporary fix, so please update your system with
        the new RPMs from our FTP server.
    
        Download the update package from locations described below and install
        the package with the command:
            rpm -Uhv file.rpm
        The md5sum for each file is in the line below. You can verify the
        integrity of the rpm files using the command:
            rpm --checksig --nogpg file.rpm
        independently from the md5 signatures below.
    
    
    
    
        i386 Intel Platform:
    
        SuSE-7.3
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/webalizer-2.01.06-140.i386.rpm
          3525fd6ab9c27be34edad9bef05ff061
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/webalizer-2.01.06-140.src.rpm
          898d975f34991a02f02da603b6bcd529
    
        SuSE-7.2
         ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/webalizer-2.01.06-139.i386.rpm
          593a7f033158f57bac47cf2fa9cb83bc
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/webalizer-2.01.06-139.src.rpm
          70ceb86a0373070a06f6d39ec0bc4377
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/webalizer-2.01.06-139.i386.rpm
          74288622703dec120b18c0fbb5003917
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/webalizer-2.01.06-139.src.rpm
          213f7a394052dc193be05a882768054a
    
    
    
        Sparc Platform:
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/webalizer-2.01.06-54.sparc.rpm
          5aa3b7511d704415498fbec3bfc2ccd5
        source rpm:
         ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/webalizer-2.01.06-54.src.rpm
          792efab485712286fc848234b1aa249d
    
    
    
        AXP Alpha Platform:
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/webalizer-2.01.06-49.alpha.rpm
          aa93070e8358b1cfd91b7fabffbfa985
        source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/webalizer-2.01.06-49.src.rpm
          2065dd78c3f8147a94f97994fb37e6ce
    
    
    
        PPC Power PC Platform:
    
    
        SuSE-7.3
         ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/webalizer-2.01.06-72.ppc.rpm
          cc28460b1d6fac8f87cc4658fae45d3e
        source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/webalizer-2.01.06-72.src.rpm
          7d7cec18f488f97187338723b0151426
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/webalizer-2.01.06-70.ppc.rpm
          3630f538b0445ee462b73475b488b146
        source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/webalizer-2.01.06-70.src.rpm
          4c998066d5eb545bb1551e246f2724c1
    
    
    ______________________________________________________________________________
    
    2)  Pending vulnerabilities in SuSE Distributions and Workarounds:
    
        - openssh
          After stabilizing the openssh package, updates for the distributions
          6.4-7.2 are currently being prepared. The update packages fix a security
          problem related to the recently discovered problems with source ip
          based access restrictions in a user's ~/.ssh/authorized_keys2 file.
          The packages will appear shortly on our ftp servers. Please note that
          packages for the distributions 6.3 and up including 7.0 containing
          cryptographic software are located on the German ftp server ftp.suse.de,
          all other packages can be found on ftp.suse.com at the usual location.
          We will issue a dedicated Security announcement for the openssh package.
    
        - nvi
          Takeshi Uno found a format tag vulnerability in all versions of nvi.
          The bug will be fixed in future version of SuSE Linux.
    
        - Please watch out for more announcements that are currently in our queue.
    
    ______________________________________________________________________________
    
    3)  standard appendix:
    
        SuSE runs two security mailing lists to which any interested party may
        subscribe:
    
        This email address is being protected from spambots. You need JavaScript enabled to view it.
    	
            -   general/linux/SuSE security discussion.
                All SuSE security announcements are sent to this list.
                To subscribe, send an email to
                    <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
    
        This email address is being protected from spambots. You need JavaScript enabled to view it.
            -   SuSE's announce-only mailing list.
                Only SuSE's security annoucements are sent to this list.
                To subscribe, send an email to
                    <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
    
        For general information or the frequently asked questions (faq)
        send mail to:
            <This email address is being protected from spambots. You need JavaScript enabled to view it.> or
            <This email address is being protected from spambots. You need JavaScript enabled to view it.> respectively.
    
        ===============================================
        SuSE's security contact is <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
        ===============================================
    
    ______________________________________________________________________________
    
        The information in this advisory may be distributed or reproduced,
        provided that the advisory is not modified in any way.
        SuSE GmbH makes no warranties of any kind whatsoever with respect
        to the information contained in this security advisory.
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"38","type":"x","order":"1","pct":52.05,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.7,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.25,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.