17th Apr 2002 [SBWID-5271]
COMMAND
	Webalizer remote buffer overflow
SYSTEMS AFFECTED
	Webalizer 2.01-09, 2.01-06
PROBLEM
	Spybreak [http://spybreak.host.sk] says :
	The webalizer has the ability  to  perform  reverse  DNS  lookups.  This
	ability is disabled  by  default,  but  if  enabled,  an  attacker  with
	command over his own DNS service, has the ability to  gain  remote  root
	access to a machine, due to a  remote  buffer  overflow  in  the  reverse
	resolving code.
SOLUTION
	Franck Coppola  provided  a  patch  to  fix  the  vulnerability  (tested
	against webalizer-2.01-06) :
	
	|--- dns_resolv.c        Tue Apr 16 00:53:19 2002
	|***************
	|*** 445,449 ****
	|                                     size,strlen(res_ent->h_name));
	|  
	|!                         strcpy(child_buf, res_ent->h_name);
	|                          size = strlen(child_buf);
	|                       }
	|--- 445,449 ----
	|                                     size,strlen(res_ent->h_name));
	|  
	|!                         strncpy(child_buf, res_ent->h_name, MAXHOST);
	|                          size = strlen(child_buf);
	|                       }
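	
	Review bot: the new strncpy(child_buf, res_ent->h_name, MAXHOST) does not
	write a terminating NUL when h_name is MAXHOST bytes or longer, and the
	very next line, size = strlen(child_buf), then reads past the copied
	bytes. Copy at most MAXHOST-1 bytes and set child_buf[MAXHOST-1] = '\0'
	before the strlen call, or reject names that do not fit. The bound is
	also only correct if child_buf holds at least MAXHOST bytes; its
	declaration is not visible in this hunk, so deriving the limit from
	sizeof(child_buf) would keep the two from drifting apart.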
	
	 Update (18 April 2002)
	 ======
	Version 2.01-10 has been released, which fixes  this  and  a  few  other
	buglets that have been discovered in the last month or  so.  Get  it  at
	the usual place :
	 
	http://www.mrunix.net/webalizer/ or http://www.webalizer.org
	ftp://ftp.mrunix.net/pub/webalizer/