[Pkg-awstats-devel] Bug#365909: AWStats: Shell code injection via
'migrate'
Hendrik Weimer
hendrik at enyo.de
Wed May 3 17:11:08 UTC 2006
Package: awstats
Version: 6.5-1
Severity: important
Tags: security
Source: http://www.osreviews.net/reviews/comm/awstats
| If the update of the stats via web front-end is allowed, a remote
| attacker can execute arbitrary code on the server using a specially
| crafted request involving the migrate parameter. Input starting with
| a pipe character ("|") leads to an insecure call to Perl's open
| function and the rest of the input being executed in a shell. The
| code is run in the context of the process running the AWStats CGI.
Note that AllowToUpdateStatsFromBrowser, which is required for
successful exploitation is disabled by default.
More information about the Pkg-awstats-devel
mailing list