On Mon, Apr 18, 2011 at 02:05:27PM -0400, Jim Salter wrote:
> Package: webalizer
> Followup-For: Bug #622897
>
>
> Moritz, I believe that the initial attack was through webalizer because
> the path /var/www/.webalizer contained php injections which gave the
> attackers their initial shell, which was first used to host a phishing
> form which was also under /var/www/webalizer - whereas the production
> site on the host was under /[redacted]/[redacted], under which no files
> were added, removed, or modified.
>
> I'm not sure what you mean by "recent years"; but my own research showed
> a widely-exploited security bug in Webalizer in 2009 which I sincerely
> hope was either fixed by the upstream maintainers, or at least patched
> in Debian's repos. If it's that bug... well, dear lord, please let's
> get that patched, it's been two years already? =)
>
> Ref:
> http://news.softpedia.com/news/Webalizer-Bug-Possibly-Leading-to-Mass-Web-Compromise-119983.shtml

I can't find credible information on the incident mentioned above (and
most of the security websites are useless garbage anyway), however the
only webalizer issues which have been assigned a CVE ID are from 2002.
(The only exception is #359745, which didn't receive a CVE ID.)

We're systematically triaging 6000-7000 security issues each year and I
would be surprised if an issue in a high-profile app like webalizer
would have remained unnoticed either by us or other security teams from
Linux distributions.

Cheers,
Moritz