Package: webalizer
Version: 2.01.10-26
Severity: critical
Justification: root security hole

I have identified a symlink vulnerability in Webalizer, which potentially 
allows an unprivileged user to cause a root-owned file to be overwritten. The 
vulnerability occurs if the user has write permission to the directory into 
which Webalizer will write its output, and Webalizer is run as a more 
privileged user (e.g. as root, from a system-wide cron job); a user can 
create a symlink from any of the filenames Webalizer writes (e.g. index.html) 
to any other file on the system, and Webalizer will write to the symlink's 
target.

The attacker may also have some control over the contents with which the 
symlink's target will be overwritten, by making specially-crafted HTTP 
requests which will be written into the log file being parsed; some of the 
HTML files output by Webalizer contain strings pulled from the input log file.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages webalizer depends on:
ii  debconf                1.4.30.13         Debian configuration management sy
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libdb4.2               4.2.52-18         Berkeley v4.2 Database Libraries [
ii  libgd2-xpm             2.0.33-1.1        GD Graphics Library version 2
ii  libpng12-0             1.2.8rel-1        PNG library - runtime
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

-- debconf information excluded
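
The report above describes a privileged process following a symlink planted at one of its output filenames. As an added example (not Webalizer's code and not the Debian fix; the helper name, file names and scratch directory are hypothetical), this C sketch opens an output file so that a symlink at that name is refused before anything is truncated:

```c
/* Added example (not Webalizer code): open a report file without following
 * a symlink planted in a directory that other users can write to. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. Returns an fd for rewriting `name` inside `dirfd`, or
 * -1 if `name` is a symlink, is not a regular file, or has extra hard links.
 * Truncation happens only after those checks pass. */
int open_output_nofollow(int dirfd, const char *name)
{
    struct stat st;
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;              /* a symlink at `name` fails here (ELOOP on Linux) */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory: index.html -> victim.
 * Returns 1 if the open was refused and victim still holds its contents. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/wbz-demo-XXXXXX", buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    int v = openat(dfd, "victim", O_WRONLY | O_CREAT, 0600);
    if (dfd < 0 || v < 0 || write(v, "precious", 8) != 8) return -1;
    close(v);
    if (symlinkat("victim", dfd, "index.html") != 0) return -1;
    int fd = open_output_nofollow(dfd, "index.html");
    int refused = (fd < 0);
    if (fd >= 0) close(fd);
    v = openat(dfd, "victim", O_RDONLY);
    int intact = (v >= 0 && read(v, buf, 8) == 8 && strcmp(buf, "precious") == 0);
    if (v >= 0) close(v);
    unlinkat(dfd, "index.html", 0); unlinkat(dfd, "victim", 0);
    close(dfd); rmdir(dir);
    return refused && intact;
}
```

O_NOFOLLOW only covers the final path component, so the directory itself still has to be opened by a trusted path. Running the report job with the privileges of the directory's owner rather than as root removes the root-owned-file impact altogether.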

