The webalizer is a widely used tool for analyzing web server logs and producing statistics in HTML format. An exploitable bug was found in webalizer which allows a remote attacker to execute commands on other client machines or reveal sensitive information by placing HTML tags in the right place. This is possible due to missing sanity checks on untrusted data - hostnames and search keywords in this case - that are received by webalizer. This kind of attack is also known as a "Cross-Site Scripting Vulnerability". Additionally, the untrusted data will be written to files on the server running webalizer; this may lead to further problems when using this data as input for third-party software/scripts.
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: webalizer
Announcement-ID: SuSE-SA:2001:040
Date: Tuesday, Nov 06th, 2001 12.00 MET
Affected SuSE versions: 7.1, 7.2, 7.3
Vulnerability Type: remote privilege escalation
(cross-site scripting)
Severity (1-10): 5
SuSE default package: no
Other affected systems: all linux-like systems using this version
of webalizer
Content of this advisory:
1) security vulnerability resolved: webalizer
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The webalizer is a widely used tool for analyzing web server logs and
producing statistics in HTML format.
An exploitable bug was found in webalizer which allows a remote attacker
to execute commands on other client machines or reveal sensitive
information by placing HTML tags in the right place. This is possible
due to missing sanity checks on untrusted data - hostnames and search
keywords in this case - that are received by webalizer. This kind of attack
is also known as a "Cross-Site Scripting Vulnerability".
Additionally, the untrusted data will be written to files on the server
running webalizer; this may lead to further problems when using this
data as input for third-party software/scripts.
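As an added example (not webalizer's own code), this is the output-escaping check the advisory describes as missing: a hostname taken from a log line is escaped before it is placed in an HTML table cell, so markup in the value is rendered as text rather than interpreted by the browser. The hostname value and the cell layout are constructed for illustration; the same treatment applies to search keywords taken from referrer strings.

```c
/* Added example, not part of webalizer: escape untrusted log fields
 * before they are written into an HTML report. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Escape the five characters that can change HTML structure or break
 * out of an attribute value. Returns the number of bytes written
 * (excluding the terminating NUL), or -1 if the output buffer is too
 * small to hold the escaped result. */
int html_escape(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    for (; *in; in++) {
        const char *rep;
        char one[2] = { *in, 0 };
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (n + rl + 1 > outlen)   /* keep room for the NUL */
            return -1;
        memcpy(out + n, rep, rl);
        n += rl;
    }
    out[n] = '\0';
    return (int)n;
}

static char g_row[256];

/* Build one "Top Sites" table cell for a hostname as found in the log.
 * Returns the cell text, or NULL if the escaped value does not fit. */
const char *site_cell(const char *hostname)
{
    char esc[200];
    if (html_escape(hostname, esc, sizeof esc) < 0)
        return NULL;
    if (snprintf(g_row, sizeof g_row, "<td>%s</td>", esc) >= (int)sizeof g_row)
        return NULL;
    return g_row;
}

int main(void)
{
    /* Constructed hostname carrying markup, as a resolver or client could supply. */
    const char *cell = site_cell("<i>host</i>.example");
    puts(cell ? cell : "overflow");
    return 0;
}
```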
There is no known temporary fix, so please update your system with
the new RPMs from our FTP server.
Download the update package from locations described below and install
the package with the command:
rpm -Uhv file.rpm
The md5sum for each file is in the line below it. You can verify the
integrity of the rpm files using the command:
rpm --checksig --nogpg file.rpm
independently of the md5 sums listed below.
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/webalizer-2.01.06-140.i386.rpm
3525fd6ab9c27be34edad9bef05ff061
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/webalizer-2.01.06-140.src.rpm
898d975f34991a02f02da603b6bcd529
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/webalizer-2.01.06-139.i386.rpm
593a7f033158f57bac47cf2fa9cb83bc
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/webalizer-2.01.06-139.src.rpm
70ceb86a0373070a06f6d39ec0bc4377
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/webalizer-2.01.06-139.i386.rpm
74288622703dec120b18c0fbb5003917
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/webalizer-2.01.06-139.src.rpm
213f7a394052dc193be05a882768054a
Sparc Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/webalizer-2.01.06-54.sparc.rpm
5aa3b7511d704415498fbec3bfc2ccd5
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/webalizer-2.01.06-54.src.rpm
792efab485712286fc848234b1aa249d
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/webalizer-2.01.06-49.alpha.rpm
aa93070e8358b1cfd91b7fabffbfa985
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/webalizer-2.01.06-49.src.rpm
2065dd78c3f8147a94f97994fb37e6ce
PPC Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/webalizer-2.01.06-72.ppc.rpm
cc28460b1d6fac8f87cc4658fae45d3e
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/webalizer-2.01.06-72.src.rpm
7d7cec18f488f97187338723b0151426
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/webalizer-2.01.06-70.ppc.rpm
3630f538b0445ee462b73475b488b146
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/webalizer-2.01.06-70.src.rpm
4c998066d5eb545bb1551e246f2724c1
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- openssh
After stabilizing the openssh package, updates for the distributions
6.4-7.2 are currently being prepared. The update packages fix a security
problem related to the recently discovered problems with source ip
based access restrictions in a user's ~/.ssh/authorized_keys2 file.
The packages will appear shortly on our ftp servers. Please note that
packages for the distributions 6.3 and up including 7.0 containing
cryptographic software are located on the German ftp server http://ftp.suse.de,
all other packages can be found on http://ftp.suse.com at the usual location.
We will issue a dedicated Security announcement for the openssh package.
- nvi
Takeshi Uno found a format tag vulnerability in all versions of nvi.
The bug will be fixed in a future version of SuSE Linux.
- Please watch out for more announcements that are currently in our queue.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@suse.com>.
suse-security-announce@suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.
===============================================
SuSE's security contact is <security@suse.com>.
===============================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83
--
Enter through the form, and step out of the form.
--
To unsubscribe, e-mail: suse-security-announce-unsubscribe@suse.com
For additional commands, e-mail: suse-security-announce-help@suse.com