Bug#365910: [Pkg-awstats-devel] Bug#365910: AWStats: Malicious config file shell code injection
Charles Fry
debian at frogcircus.org
Fri May 5 20:56:40 UTC 2006
> Exploit #2: http://www.example.com/cgi-bin/awstats.pl?configdir=/tmp
> with the attached file being placed in /tmp.
I see. So I assume that $LogFile must be run through Sanitize prior to
being opened, or at least checked for pipes?
I noticed the following related chunk of code:

# Deny LogFile if contains a pipe and PurgeLogFile || ArchiveLogRecords set on
if (($PurgeLogFile || $ArchiveLogRecords) && $LogFile =~ /\|\s*$/) {
    error("A pipe in log file name is not allowed if PurgeLogFile and ArchiveLogRecords are not set to 0");
}

This suggests some previous thought about pipes. I'm trying to figure
out why they would ever be useful in a LogFile (since they are obviously
trying to account for them).
Is it correct to always deny pipes in LogFile?
Charles
--
A Christmas hug
A birthday kiss
Awaits
The woman
Who gives this
Burma-Shave
http://burma-shave.org/jingles/1940/a_christmas_hug
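
Added example, not part of the original message and not AWStats code: one way a "deny pipes in LogFile" policy could look in Perl, assuming the value is only ever meant to name a file. The helper names (logfile_has_pipe, open_log_readonly) and the sample values are hypothetical. It relies on the fact that Perl's two-argument open() treats a leading or trailing '|' as a command to run, while three-argument open() with an explicit mode does not.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper: true if the value starts or ends with a pipe, which is
# what two-argument open() would interpret as "run this as a command".
sub logfile_has_pipe {
    my ($logfile) = @_;
    return ($logfile =~ /^\s*\|/ || $logfile =~ /\|\s*$/) ? 1 : 0;
}

# Hypothetical helper: open a log for reading so the name can only be a path.
sub open_log_readonly {
    my ($logfile) = @_;

    # Refuse early with a clear message instead of failing later in open().
    die "LogFile must not contain a pipe: '$logfile'\n"
        if logfile_has_pipe($logfile);

    # Three-argument open with an explicit '<' mode: the name is never parsed
    # for '|', '>' or other mode characters, and no shell is started.
    open(my $fh, '<', $logfile) or die "Cannot open '$logfile': $!\n";
    return $fh;
}

# Constructed sample values, as they might appear in a config file.
my ($tmp_fh, $tmp_name) = tempfile(UNLINK => 1);   # stands in for a real log
print {$tmp_fh} "constructed log line\n";
close $tmp_fh;

my @samples = (
    $tmp_name,                       # plain path: accepted
    "some-command $tmp_name |",      # trailing pipe: refused
    '| some-command',                # leading pipe: refused
);

for my $value (@samples) {
    my $fh = eval { open_log_readonly($value) };
    if ($fh) {
        print "opened:  $value\n";
        close $fh;
    } else {
        my $err = $@;
        chomp $err;
        print "refused: $err\n";
    }
}
```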