Info

Disclosure

May 05, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

AWStats contains a flaw that may allow a malicious user to execute arbitrary commands via the "|" pipe character. The issue is triggered due to improper sanitization to the 'migrate' variable before being used in an "open()" call. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade, Third-Party Solution
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 6.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

AWStats	AWStats	6,5
		6.4

References

Milw0rm: 1755
Exploit Database: 1755
Bugtraq ID: 17844
Secunia Advisory ID: 19969 20170 20186 20496 20710
CVE ID: 2006-2237 (see also: NVD)
SCIP VulDB ID: 2203
Metasploit ID: 25284
ISS X-Force ID: 26287
VUPEN Advisory: ADV-2006-1678
Vendor Specific News/Changelog Entry: http://awstats.sourceforge.net/awstats_security_news.php
Vendor Specific Advisory URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909
http://www.gentoo.org/security/en/glsa/glsa-200606-06.xml
http://www.us.debian.org/security/2006/dsa-1058
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0007.html
http://www.novell.com/linux/security/advisories/2006_33_awstats.html
http://www.ubuntu.com/usn/usn-285-1
http://www.ubuntulinux.org/support/documentation/usn/usn-285-1
http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
Vendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200606-06.xml
Generic Informational URL: http://www.osreviews.net/reviews/comm/awstats
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/awstats_migrate

Credit

Hendrik Weimer - hendrikenyo.de -

Direct URL: http://osvdb.org/25284