OSVDB ID: 13002

Title: AWStats awstats.pl configdir Parameter Arbitrary Command Execution

Dates

Disclosure: Jan 01, 2005
Discovery: Unknown
Exploit: Jan 26, 2005
Solution: Unknown

Description

AWStats contains a flaw that may allow a malicious user to issue arbitrary commands with the privileges of the web server. The issue is triggered by placing the pipe character (|) and shell metacharacters in the 'configdir' parameter of the awstats.pl script. This input is not sanitized before being passed to the Perl 'open()' call, which executes it.
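As an added illustration (constructed for this entry, not code from AWStats itself), the two-argument open() pattern the description refers to, beside a hardened version that validates the directory name and uses three-argument open(); the base directory '/etc/awstats' and the file name are assumptions:

```perl
#!/usr/bin/perl
# Constructed example (not AWStats code): a CGI 'configdir' value reaching open().
use strict;
use warnings;
use File::Spec;

# Vulnerable pattern: with two-argument open(), the mode is taken from the
# string itself, so a pipe character in $configdir turns the "filename" into
# a command for the shell. Unvalidated request data must never reach it.
sub read_config_unsafe {
    my ($configdir) = @_;
    my $path = "$configdir/awstats.conf";
    open(my $fh, $path) or return;   # two-arg open: mode parsed from $path
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Hardened pattern: accept only a plain directory name (leading word
# character, then word characters, dots or dashes; '..' is rejected), anchor
# it under a fixed base, and use three-argument open() with an explicit '<'
# mode so the path is always treated as a filename, never as a command.
sub read_config_safe {
    my ($configdir) = @_;
    return unless defined $configdir && $configdir =~ /\A\w[\w.-]*\z/;
    my $base = '/etc/awstats';   # assumed base directory for this example
    my $path = File::Spec->catfile($base, $configdir, 'awstats.conf');
    open(my $fh, '<', $path) or return;
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# In a CGI the value would come from the query string; a constructed value
# stands in for it here.
my $from_request = 'site1';
my $cfg = read_config_safe($from_request);
print defined $cfg ? "loaded config\n" : "rejected or missing config\n";
```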

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
OSVDB: Web Related

Solution

Upgrade to version 6.3 or higher, which has been reported to fix this vulnerability. The upgrade is required, as there are no known workarounds.

Products

Vendor: Laurent Destailleur
Product: AWStats
Version: 6.1

References

Credit

  • iDEFENSE - idlabs-advisories (idefense.com)


Direct URL: http://osvdb.org/36218