Your message dated Sun, 22 Jan 2006 11:17:27 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#343877: fixed in webalizer 2.01.10-28
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Dec 2005 13:14:40 +0000
Date: Sun, 18 Dec 2005 14:14:09 +0100
From: Ulf Harnhammar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: webalizer: various buffer overflows
Message-ID: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="/04w6evG8XlLl3ft"
Content-Disposition: inline
X-Blog-URL: http://www.advogato.org/person/metaur/
User-Agent: Mutt/1.5.11


--/04w6evG8XlLl3ft
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: Quoted-Printable

Subject: webalizer: various buffer overflows
Package: webalizer
Version: 2.01.10-27
Severity: important
Tags: patch

Hello,

I have found some more buffer overflows in webalizer. People from Debian seem to
have worked on this earlier on, and here are some more bugs to fix. None of them
seem to have any security impact.

The first overflow occurs when parsing FTP xfer log files, specifically the IDENT
part which can write far beyond its limits. During my testing, I was unable to
make this bug crash the program because of the way things are laid out in memory,
but I still think it is worth fixing, as writing outside of char buffers in C is
a serious matter. You can test it with the attached ftplog.txt file (but you have
to add a printf() statement to verify that the overflow occurs).

The second overflow occurs when parsing webalizer.conf, where bad config files cause
Segmentation faults. I have attached a webalizer.conf file that causes this problem
in two different ways.

The third overflow is an off-by-one bug in the DNS handling.

I have attached a patch that corrects all three issues.

// Ulf Härnhammar, Debian Security Audit Project

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages webalizer depends on:
ii  debconf [debconf-2.0]         1.4.62     Debian configuration management sy
ii  libc6                         2.3.5-8    GNU C Library: Shared libraries an
ii  libdb4.2                      4.2.52-18  Berkeley v4.2 Database Libraries [
ii  libgd2-xpm                    2.0.33-2   GD Graphics Library version 2
ii  libpng12-0                    1.2.8rel-5 PNG library - runtime
ii  zlib1g                        1:1.2.3-8  compression library - runtime

webalizer recommends no packages.

-- debconf information excluded


--/04w6evG8XlLl3ft
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ftplog.txt"
Content-Transfer-Encoding: Quoted-Printable

x Dec 18 13:18:15 2005 5 5 xy 5 xy xy xy UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU=

--/04w6evG8XlLl3ft
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="webalizer.conf"
Content-Transfer-Encoding: 7Bit

UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU a
a 
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU

--/04w6evG8XlLl3ft
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="webalizer.oflows.patch"
Content-Transfer-Encoding: 7Bit

--- parser.c.old        2005-12-18 13:34:00.000000000 +0100
+++ parser.c    2005-12-18 13:38:11.000000000 +0100
@@ -134,7 +134,7 @@ int parse_record(char *buffer)
 int parse_record_ftp(char *buffer)
 {
    int size;
-   int i,j;
+   int i,j,count;
    char *cp1, *cp2, *cpx, *cpy, *eob;
 
    size = strlen(buffer);                 /* get length of buffer        */
@@ -206,8 +206,8 @@ int parse_record_ftp(char *buffer)
    if (cp1<eob) cp1++;
    while (*cp1!=0 && cp1<eob) cp1++;
    if (cp1<eob) cp1++;
-   cp2=log_rec.ident;
-   while (*cp1!=0 && cp1<eob) *cp2++ = *cp1++;
+   cp2=log_rec.ident;count=MAXIDENT-1;
+   while (*cp1!=0 && cp1<eob && count) { *cp2++ = *cp1++; count--; }
    *cp2='\0';
 
    /* return appropriate response code */
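Review bot: In the new IDENT copy loop, count=MAXIDENT-1 is a correct bound only if log_rec.ident is declared with exactly MAXIDENT bytes, and that declaration is not visible in this hunk; if ident is an array member, count = sizeof(log_rec.ident) - 1 would keep the limit tied to the real buffer. The loop condition also still evaluates *cp1!=0 before cp1<eob, so the byte at eob is read before the range check; putting cp1<eob first avoids that. An over-long IDENT is now truncated without any indication, which may deserve a comment or a warning in verbose mode.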
--- webalizer.c.old     2005-12-18 12:42:55.000000000 +0100
+++ webalizer.c 2005-12-18 12:49:58.000000000 +0100
@@ -1498,7 +1498,7 @@ void get_config(char *fname)
    char keyword[32];
    char value[132];
    char *cp1, *cp2;
-   int  i,key;
+   int  i,key,count;
    int num_kwords=sizeof(kwords)/sizeof(char *);
 
    if ( (fp=fopen(fname,"r")) == NULL)
@@ -1514,14 +1514,14 @@ void get_config(char *fname)
       if ( (buffer[0]=='#') || isspace((int)buffer[0]) ) continue;
 
       /* Get keyword */
-      cp1=buffer;cp2=keyword;
-      while ( isalnum((int)*cp1) ) *cp2++ = *cp1++;
+      cp1=buffer;cp2=keyword;count=31;
+      while ( (isalnum((int)*cp1)) && count ) { *cp2++ = *cp1++; count--; }
       *cp2='\0';
 
       /* Get value */
-      cp2=value;
+      cp2=value;count=131;
       while ( (*cp1!='\n')&&(*cp1!='\0')&&(isspace((int)*cp1)) ) cp1++;
-      while ( (*cp1!='\n')&&(*cp1!='\0') ) *cp2++ = *cp1++;
+      while ( (*cp1!='\n')&&(*cp1!='\0')&&count ) { *cp2++ = *cp1++; count--; }
       *cp2--='\0';
       while ( (isspace((int)*cp2)) && (cp2 != value) ) *cp2--='\0';
 
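Review bot: The trailing-whitespace trim that follows the bounded value copy can still step before the buffer. When a line has a keyword but no value, cp2 equals value, *cp2--='\0' leaves cp2 at value-1, and the next loop evaluates isspace((int)*cp2) before cp2 != value, so it reads value[-1] and, if that byte is whitespace, writes '\0' there and keeps walking backwards. Handling the empty case before the decrement, or trimming by index, closes this. Separately, the literals 31 and 131 repeat the sizes of keyword[32] and value[132]; sizeof(keyword)-1 and sizeof(value)-1 would not drift. Note also that when the keyword is cut at 31 characters cp1 stays in the middle of the word, so the rest of the keyword is copied as the value; rejecting the line may be better than truncating it.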
--- dns_resolv.c.old    2005-12-18 12:21:48.000000000 +0100
+++ dns_resolv.c        2005-12-18 12:23:04.000000000 +0100
@@ -159,7 +159,7 @@ void resolve_dns(struct log_struct *log_
          strncpy (log_rec->hostname,
                   ((struct dnsRecord *)response.data)->hostName,
                   MAXHOST);
-         log_rec->hostname[MAXHOST]=0;
+         log_rec->hostname[MAXHOST-1]=0;
          if (debug_mode)
             fprintf(stderr," found: %s (%ld)\n",
              log_rec->hostname, alignedRecord.timeStamp);
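Review bot: The new terminator index MAXHOST-1 is right only if log_rec->hostname is declared as char[MAXHOST], which this hunk does not show; in that case the old line wrote one byte past the array and the new one is correct. To keep the copy length and the terminator from drifting apart again, consider passing MAXHOST-1 to strncpy as well, or deriving both from sizeof(log_rec->hostname) if it is an array.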

--/04w6evG8XlLl3ft--
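
The webalizer.conf overflow described in the report above comes from copying a keyword and a value into fixed-size buffers. The following is an added example, not webalizer's code and not part of the submitted patch: a bounded splitter that rejects over-long fields and trims trailing whitespace by index, so an empty value never touches memory before the buffer. The function name split_config_line and the sample lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not webalizer code: split "Keyword value\n" into two
 * caller-supplied buffers. Returns 0 on success, -1 if a field does not fit
 * (the line is rejected rather than silently truncated). */
int split_config_line(const char *line, char *key, size_t keysz,
                      char *val, size_t valsz)
{
    const unsigned char *p = (const unsigned char *)line;
    size_t n = 0;
    if (keysz == 0 || valsz == 0) return -1;

    /* Keyword: alphanumerics only, always leaving room for the NUL. */
    while (isalnum(*p)) {
        if (n + 1 >= keysz) return -1;
        key[n++] = (char)*p++;
    }
    key[n] = '\0';

    /* Skip separator whitespace without running past the end of the line. */
    while (*p != '\n' && *p != '\0' && isspace(*p)) p++;

    /* Value: everything up to newline or NUL, bounded the same way. */
    n = 0;
    while (*p != '\n' && *p != '\0') {
        if (n + 1 >= valsz) return -1;
        val[n++] = (char)*p++;
    }

    /* Trim trailing whitespace by index: with n == 0 nothing is read or
     * written before val[0]. */
    while (n > 0 && isspace((unsigned char)val[n - 1])) n--;
    val[n] = '\0';
    return 0;
}

int main(void)
{
    char key[32], val[132];   /* sizes taken from the patch context */
    const char *samples[] = { "LogFile  /var/log/access.log  \n", "Quiet\n" }; /* constructed */
    for (size_t i = 0; i < 2; i++) {
        int rc = split_config_line(samples[i], key, sizeof key, val, sizeof val);
        printf("rc=%d key=[%s] val=[%s]\n", rc, key, val);
    }
    return 0;
}
```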

---------------------------------------
Received: (at 343877-close) by bugs.debian.org; 22 Jan 2006 19:20:27 +0000
From: Jose Carlos Medeiros <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#343877: fixed in webalizer 2.01.10-28
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 22 Jan 2006 11:17:27 -0800

Source: webalizer
Source-Version: 2.01.10-28

We believe that the bug you reported is fixed in the latest version of
webalizer, which is due to be installed in the Debian FTP archive:

webalizer_2.01.10-28.diff.gz
  to pool/main/w/webalizer/webalizer_2.01.10-28.diff.gz
webalizer_2.01.10-28.dsc
  to pool/main/w/webalizer/webalizer_2.01.10-28.dsc
webalizer_2.01.10-28_i386.deb
  to pool/main/w/webalizer/webalizer_2.01.10-28_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jose Carlos Medeiros <[EMAIL PROTECTED]> (supplier of updated webalizer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 20 Jan 2006 15:59:42 -0200
Source: webalizer
Binary: webalizer
Architecture: source i386
Version: 2.01.10-28
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Medeiros <[EMAIL PROTECTED]>
Changed-By: Jose Carlos Medeiros <[EMAIL PROTECTED]>
Description: 
 webalizer  - Web server log analysis program
Closes: 81918 98749 114768 252816 258058 293794 298823 309359 327496 338067 343877
Changes: 
 webalizer (2.01.10-28) unstable; urgency=low
 .
   * Added a simple FAQ with Questions and Answers in README.Debian.
     (closes: #81918, #114768, #258058, #98749, #298823)
   * Portuguese po-debconf translation, thanks to Miguel Figueiredo
     <[EMAIL PROTECTED]>. (closes: #338067)
   * Added more information about DNS lookups in DNS.README file (line 160 to
     162). (closes: #309359)
   * Changed webalizer.cron.daily to run webalizer even when current log file
     is empty. (closes: #252816)
   * Solved various buffer overflows, thanks to: Ulf Harnhammar
     <[EMAIL PROTECTED]>. (closes: #343877)
   * Removed unused file "x".
   * Added "sensis.com.au" as SearchEngine in sample.conf. (closes: #327496)
   * Deleted CVS directory to solve "source-contains-CVS-dir CVS" lintian
     error.
   * Added patch with new "Nofollow" option. Thanks to Robert Cheramy
     <[EMAIL PROTECTED]> (Closes: #293794)
Files: 
 5578795415dad2f2c028ca61e39a9d30 784 web optional webalizer_2.01.10-28.dsc
 7d06e620f6bf7c6c4b63a003e506d772 203861 web optional webalizer_2.01.10-28.diff.gz
 c7b479edea61b1a1e3e545b43bc5aa3c 311158 web optional webalizer_2.01.10-28_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD09YvGKGxzw/lPdkRArAzAKCFbMN1wWdj0gc0DYPV8YFcT5CMhACdHIAF
3l0LIkNk6Cy+Dxq6zPlZNrk=
=PUJi
-----END PGP SIGNATURE-----

